rpms/mcstrans
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import mcstrans-3.3-2.el9

Browse Source
This commit is contained in:
CentOS Sources 2022-05-17 06:25:32 -04:00 committed by Stepan Oksanichenko
commit ed03200d46
10 changed files with 1498 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/mcstrans-3.3.tar.gz

1
.mcstrans.metadata Normal file
View File

@ -0,0 +1 @@
7b1eff06ef33044bfe2956dfc037e698d671c32f SOURCES/mcstrans-3.3.tar.gz

129
SOURCES/0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch Normal file
View File

@ -0,0 +1,129 @@
From 58a11e55120de4700d4e874dee0d8c36d13caedd Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 28 Nov 2018 18:28:05 +0100
Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
defects
---
mcstrans/src/mcstrans.c | 21 +++++++++++++++++++--
mcstrans/src/mcstransd.c | 4 +++-
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index e92dfddb0d20..d0690e6b0dca 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
map->raw = strdup(raw);
if (!map->raw) {
+ free(map);
goto err;
}
map->trans = strdup(trans);
if (!map->trans) {
+ free(map->raw);
+ free(map);
goto err;
}
log_debug(" add_cache (%s,%s)\n", raw, trans);
- if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0)
+ if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0) {
+ free(map->trans);
+ free(map->raw);
+ free(map);
goto err;
+ }
if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
goto err;
@@ -1520,6 +1527,7 @@ trans_context(const char *incon, char **rcon) {
trans = compute_trans_from_raw(range, domain);
if (trans)
if (add_cache(domain, range, trans) < 0) {
+ free(trans);
free(range);
return -1;
}
@@ -1531,6 +1539,7 @@ trans_context(const char *incon, char **rcon) {
ltrans = compute_trans_from_raw(lrange, domain);
if (ltrans) {
if (add_cache(domain, lrange, ltrans) < 0) {
+ free(ltrans);
free(range);
return -1;
}
@@ -1549,6 +1558,7 @@ trans_context(const char *incon, char **rcon) {
utrans = compute_trans_from_raw(urange, domain);
if (utrans) {
if (add_cache(domain, urange, utrans) < 0) {
+ free(utrans);
free(ltrans);
free(range);
return -1;
@@ -1648,14 +1658,19 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(raw, domain);
if (canonical && strcmp(canonical, range))
if (add_cache(domain, raw, canonical) < 0) {
+ free(canonical);
free(range);
+ free(raw);
return -1;
}
}
- if (canonical)
+ if (canonical) {
free(canonical);
+ free(raw);
+ }
if (add_cache(domain, raw, range) < 0) {
free(range);
+ free(raw);
return -1;
}
} else {
@@ -1673,6 +1688,7 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(lraw, domain);
if (canonical)
if (add_cache(domain, lraw, canonical) < 0) {
+ free(canonical);
free(lraw);
free(range);
return -1;
@@ -1704,6 +1720,7 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(uraw, domain);
if (canonical)
if (add_cache(domain, uraw, canonical) < 0) {
+ free(canonical);
free(uraw);
free(lraw);
free(range);
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
index 59c152e73be1..5191fc98ef06 100644
--- a/mcstrans/src/mcstransd.c
+++ b/mcstrans/src/mcstransd.c
@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
/* Setup pollfd for deletion later. */
(*ufds)[ii].fd = -1;
close(connfd);
+ connfd = -1;
/* So we don't get bothered later */
revents = revents & ~(POLLHUP);
}
@@ -348,10 +349,11 @@ process_events(struct pollfd **ufds, int *nfds)
/* Set the pollfd up for deletion later. */
(*ufds)[ii].fd = -1;
close(connfd);
+ connfd = -1;
revents = revents & ~(POLLHUP);
}
- if (revents) {
+ if (revents && connfd != -1) {
syslog(LOG_ERR, "Unknown/error events (%x) encountered"
" for fd (%d)\n", revents, connfd);
--
2.32.0

28
SOURCES/0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch Normal file
View File

@ -0,0 +1,28 @@
From 7a170534163ab9d9159dddfadb996587d98fe30e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 9 May 2019 16:44:43 +0200
Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
---
mcstrans/src/mcstrans.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index d0690e6b0dca..8678418a1570 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -1664,10 +1664,8 @@ untrans_context(const char *incon, char **rcon) {
return -1;
}
}
- if (canonical) {
+ if (canonical)
free(canonical);
- free(raw);
- }
if (add_cache(domain, raw, range) < 0) {
free(range);
free(raw);
--
2.32.0

59
SOURCES/0003-mcstrans-Do-not-accept-incomplete-contexts.patch Normal file
View File

@ -0,0 +1,59 @@
From a6e2b2287254b2880e8697707f10bd303ffcc06a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 15 Apr 2019 15:22:51 +0200
Subject: [PATCH] mcstrans: Do not accept incomplete contexts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes:
$ python3
> import selinux
> selinux.selinux_raw_context_to_color("xyz_u:xyz_r:xyz_t:")
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
OSError: [Errno 0] Error
:: [ 10:25:45 ] :: [ BEGIN ] :: Running 'service mcstransd status'
Redirecting to /bin/systemctl status mcstransd.service
● mcstrans.service - Translates SELinux MCS/MLS labels to human readable form
Loaded: loaded (/usr/lib/systemd/system/mcstrans.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Fri 2019-04-12 10:25:44 EDT; 1s ago
Process: 16681 ExecStart=/sbin/mcstransd -f (code=dumped, signal=SEGV)
Main PID: 16681 (code=dumped, signal=SEGV)
systemd[1]: mcstrans.service: Main process exited, code=dumped, status=11/SEGV
systemd[1]: mcstrans.service: Failed with result 'core-dump'.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
mcstrans/src/mcscolor.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
index a38388501db5..94421a58dee4 100644
--- a/mcstrans/src/mcscolor.c
+++ b/mcstrans/src/mcscolor.c
@@ -272,10 +272,14 @@ static const unsigned precedence[N_COLOR][N_COLOR - 1] = {
static const secolor_t default_color = { 0x000000, 0xffffff };
static int parse_components(context_t con, char **components) {
- components[COLOR_USER] = (char *)context_user_get(con);
- components[COLOR_ROLE] = (char *)context_role_get(con);
- components[COLOR_TYPE] = (char *)context_type_get(con);
- components[COLOR_RANGE] = (char *)context_range_get(con);
+ if ((components[COLOR_USER] = (char *)context_user_get(con)) == NULL)
+ return -1;
+ if ((components[COLOR_ROLE] = (char *)context_role_get(con)) == NULL)
+ return -1;
+ if ((components[COLOR_TYPE] = (char *)context_type_get(con)) == NULL)
+ return -1;
+ if ((components[COLOR_RANGE] = (char *)context_range_get(con)) == NULL)
+ return -1;
return 0;
}
--
2.32.0

63
SOURCES/0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch Normal file
View File

@ -0,0 +1,63 @@
From a98f2f8f2f1c14646ec9c80faecf14e9bf4bbd2c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 5 Aug 2021 16:26:44 +0200
Subject: [PATCH] mcstrans: fix RESOURCE_LEAK (CWE-772)
Fixes:
Error: RESOURCE_LEAK (CWE-772): [#def1]
mcstrans-3.2/src/mcstrans.c:1527: alloc_fn: Storage is returned from allocation function "compute_trans_from_raw".
mcstrans-3.2/src/mcstrans.c:1527: var_assign: Assigning: "trans" = storage returned from "compute_trans_from_raw(range, domain)".
mcstrans-3.2/src/mcstrans.c:1529: noescape: Resource "trans" is not freed or pointed-to in "add_cache".
mcstrans-3.2/src/mcstrans.c:1515: overwrite_var: Overwriting "trans" in "trans = find_in_hashtable(range, domain, domain->raw_to_trans)" leaks the storage that "trans" points to.
# 1513| domain_t *domain = domains;
# 1514| for (;domain; domain = domain->next) {
# 1515|-> trans = find_in_hashtable(range, domain, domain->raw_to_trans);
# 1516| if (trans) break;
# 1517|
Error: RESOURCE_LEAK (CWE-772): [#def2]
mcstrans-3.2/src/mcstrans.c:1654: alloc_fn: Storage is returned from allocation function "compute_raw_from_trans".
mcstrans-3.2/src/mcstrans.c:1654: var_assign: Assigning: "raw" = storage returned from "compute_raw_from_trans(range, domain)".
mcstrans-3.2/src/mcstrans.c:1656: noescape: Resource "raw" is not freed or pointed-to in "find_in_hashtable".
mcstrans-3.2/src/mcstrans.c:1669: noescape: Resource "raw" is not freed or pointed-to in "add_cache".
mcstrans-3.2/src/mcstrans.c:1642: overwrite_var: Overwriting "raw" in "raw = find_in_hashtable(range, domain, domain->trans_to_raw)" leaks the storage that "raw" points to.
# 1640| domain_t *domain = domains;
# 1641| for (;domain; domain = domain->next) {
# 1642|-> raw = find_in_hashtable(range, domain, domain->trans_to_raw);
# 1643| if (raw) break;
# 1644|
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
mcstrans/src/mcstrans.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index 8678418a1570..4e110e02f73a 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -1598,6 +1598,10 @@ trans_context(const char *incon, char **rcon) {
}
if (dashp)
*dashp = '-';
+ if (trans) {
+ free(trans);
+ trans = NULL;
+ }
}
if (trans) {
@@ -1769,6 +1773,10 @@ untrans_context(const char *incon, char **rcon) {
}
if (dashp)
*dashp = '-';
+ if (raw) {
+ free(raw);
+ raw = NULL;
+ }
}
if (raw) {
--
2.32.0

343
SOURCES/0005-mcstrans-avoid-missing-prototypes.patch Normal file
View File

@ -0,0 +1,343 @@
From 0fd5d05f4c5cbe4fbeb445f1b0bccfe1833a7253 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 12 Nov 2021 16:41:58 +0100
Subject: [PATCH] mcstrans: avoid missing prototypes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Mark local functions static.
Export functions of mcscolor.c in mcscolor.h and avoid bare extern
function declarations.
Drop unused function emit_whitespace().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
mcstrans/src/mcscolor.c | 2 ++
mcstrans/src/mcscolor.h | 8 ++++++
mcstrans/src/mcstrans.c | 57 ++++++++++++++++++----------------------
mcstrans/src/mcstrans.h | 1 -
mcstrans/src/mcstransd.c | 13 +++------
5 files changed, 38 insertions(+), 43 deletions(-)
create mode 100644 mcstrans/src/mcscolor.h
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
index a38388501db5..9ff0ce2f29f1 100644
--- a/mcstrans/src/mcscolor.c
+++ b/mcstrans/src/mcscolor.c
@@ -11,6 +11,8 @@
#include <syslog.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
+
+#include "mcscolor.h"
#include "mcstrans.h"
/* Define data structures */
diff --git a/mcstrans/src/mcscolor.h b/mcstrans/src/mcscolor.h
new file mode 100644
index 000000000000..c37fe6ed5197
--- /dev/null
+++ b/mcstrans/src/mcscolor.h
@@ -0,0 +1,8 @@
+#ifndef __mcscolor_h__
+#define __mcscolor_h__
+
+extern void finish_context_colors(void);
+extern int init_colors(void);
+extern int raw_color(const char *raw, char **color_str);
+
+#endif
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index e92dfddb0d20..09577ea0cc0b 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -136,7 +136,7 @@ typedef struct cat_constraint {
static cat_constraint_t *cat_constraints;
-unsigned int
+static unsigned int
hash(const char *str) {
unsigned int hash = 5381;
int c;
@@ -213,7 +213,7 @@ parse_category(ebitmap_t *e, const char *raw, int allowinverse)
return 0;
}
-int
+static int
parse_ebitmap(ebitmap_t *e, ebitmap_t *def, const char *raw) {
int rc = ebitmap_cpy(e, def);
if (rc < 0)
@@ -224,7 +224,7 @@ parse_ebitmap(ebitmap_t *e, ebitmap_t *def, const char *raw) {
return 0;
}
-mls_level_t *
+static mls_level_t *
parse_raw(const char *raw) {
mls_level_t *mls = calloc(1, sizeof(mls_level_t));
if (!mls)
@@ -248,7 +248,7 @@ err:
return NULL;
}
-void
+static void
destroy_word(word_t **list, word_t *word) {
if (!word) {
return;
@@ -267,7 +267,7 @@ destroy_word(word_t **list, word_t *word) {
free(word);
}
-word_t *
+static word_t *
create_word(word_t **list, const char *text) {
word_t *w = calloc(1, sizeof(word_t));
if (!w) {
@@ -291,7 +291,7 @@ err:
return NULL;
}
-void
+static void
destroy_group(word_group_t **list, word_group_t *group) {
for (; list && *list; list = &(*list)->next) {
if (*list == group) {
@@ -324,7 +324,7 @@ destroy_group(word_group_t **list, word_group_t *group) {
free(group);
}
-word_group_t *
+static word_group_t *
create_group(word_group_t **list, const char *name) {
word_group_t *group = calloc(1, sizeof(word_group_t));
if (!group)
@@ -357,7 +357,7 @@ err:
return NULL;
}
-void
+static void
destroy_domain(domain_t *domain) {
int i;
unsigned int rt = 0, tr = 0;
@@ -401,7 +401,7 @@ destroy_domain(domain_t *domain) {
syslog(LOG_INFO, "cache sizes: tr = %u, rt = %u", tr, rt);
}
-domain_t *
+static domain_t *
create_domain(const char *name) {
domain_t *domain = calloc(1, sizeof(domain_t));
if (!domain) {
@@ -425,7 +425,7 @@ err:
return NULL;
}
-int
+static int
add_word(word_group_t *group, char *raw, char *trans) {
if (strchr(trans,'-')) {
log_error("'%s'is invalid because '-' is illegal in modifiers.\n", trans);
@@ -451,7 +451,7 @@ add_word(word_group_t *group, char *raw, char *trans) {
return 0;
}
-int
+static int
add_constraint(char op, char *raw, char *tok) {
log_debug("%s\n", "add_constraint");
ebitmap_t empty;
@@ -521,7 +521,7 @@ add_constraint(char op, char *raw, char *tok) {
return 0;
}
-int
+static int
violates_constraints(mls_level_t *l) {
int nbits;
sens_constraint_t *s;
@@ -563,7 +563,7 @@ violates_constraints(mls_level_t *l) {
return 0;
}
-void
+static void
destroy_sens_constraint(sens_constraint_t **list, sens_constraint_t *constraint) {
if (!constraint) {
return;
@@ -580,7 +580,7 @@ destroy_sens_constraint(sens_constraint_t **list, sens_constraint_t *constraint)
free(constraint);
}
-void
+static void
destroy_cat_constraint(cat_constraint_t **list, cat_constraint_t *constraint) {
if (!constraint) {
return;
@@ -663,7 +663,7 @@ find_in_table(context_map_node_t **table, const char *key) {
return NULL;
}
-char *
+static char *
trim(char *str, const char *whitespace) {
char *p = str + strlen(str);
@@ -672,7 +672,7 @@ trim(char *str, const char *whitespace) {
return str;
}
-char *
+static char *
triml(char *str, const char *whitespace) {
char *p = str;
@@ -681,7 +681,7 @@ triml(char *str, const char *whitespace) {
return p;
}
-int
+static int
update(char **p, char *const val) {
free (*p);
*p = strdup(val);
@@ -692,7 +692,7 @@ update(char **p, char *const val) {
return 0;
}
-int
+static int
append(affix_t **affixes, const char *val) {
affix_t *affix = calloc(1, sizeof(affix_t));
if (!affix) {
@@ -887,7 +887,7 @@ init_translations(void) {
return(read_translations(selinux_translations_path()));
}
-char *
+static char *
extract_range(const char *incon) {
context_t con = context_new(incon);
if (!con) {
@@ -910,7 +910,7 @@ extract_range(const char *incon) {
return r;
}
-char *
+static char *
new_context_str(const char *incon, const char *range) {
char *rcon = NULL;
context_t con = context_new(incon);
@@ -931,7 +931,7 @@ exit:
return NULL;
}
-char *
+static char *
find_in_hashtable(const char *range, domain_t *domain, context_map_node_t **table) {
char *trans = NULL;
context_map_t *map = find_in_table(table, range);
@@ -946,13 +946,6 @@ find_in_hashtable(const char *range, domain_t *domain, context_map_node_t **tabl
return trans;
}
-void
-emit_whitespace(char*buffer, char *whitespace) {
- strcat(buffer, "[");
- strcat(buffer, whitespace);
- strcat(buffer, "]");
-}
-
static int
string_size(const void *p1, const void *p2) {
return strlen(*(char **)p2) - strlen(*(char **)p1);
@@ -969,7 +962,7 @@ word_size(const void *p1, const void *p2) {
return (w2_len - w1_len);
}
-void
+static void
build_regexp(pcre **r, char *buffer) {
const char *error;
int error_offset;
@@ -982,7 +975,7 @@ build_regexp(pcre **r, char *buffer) {
buffer[0] = '\0';
}
-int
+static int
build_regexps(domain_t *domain) {
char buffer[1024 * 128];
buffer[0] = '\0';
@@ -1086,7 +1079,7 @@ build_regexps(domain_t *domain) {
return 0;
}
-char *
+static char *
compute_raw_from_trans(const char *level, domain_t *domain) {
#ifdef DEBUG
@@ -1278,7 +1271,7 @@ err:
return NULL;
}
-char *
+static char *
compute_trans_from_raw(const char *level, domain_t *domain) {
#ifdef DEBUG
diff --git a/mcstrans/src/mcstrans.h b/mcstrans/src/mcstrans.h
index e5cda93b8a4b..0addb325e569 100644
--- a/mcstrans/src/mcstrans.h
+++ b/mcstrans/src/mcstrans.h
@@ -6,4 +6,3 @@ extern int init_translations(void);
extern void finish_context_translations(void);
extern int trans_context(const char *, char **);
extern int untrans_context(const char *, char **);
-
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
index 59c152e73be1..536c0f32f23a 100644
--- a/mcstrans/src/mcstransd.c
+++ b/mcstrans/src/mcstransd.c
@@ -16,6 +16,8 @@
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/un.h>
+
+#include "mcscolor.h"
#include "mcstrans.h"
#ifdef UNUSED
@@ -43,15 +45,6 @@
#define log_debug(fmt, ...) do {} while (0)
#endif
-extern int init_translations(void);
-extern void finish_context_translations(void);
-extern int trans_context(const char *, char **);
-extern int untrans_context(const char *, char **);
-
-extern int init_colors(void);
-extern void finish_context_colors(void);
-extern int raw_color(const char *, char **);
-
#define SETRANSD_PATHNAME "/sbin/mcstransd"
/* name of program (for error messages) */
@@ -514,7 +507,7 @@ initialize(void)
}
-void dropprivs(void)
+static void dropprivs(void)
{
cap_t new_caps;
--
2.33.1

344
SOURCES/0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch Normal file
View File

@ -0,0 +1,344 @@
From c8fea6b657cc256c43fc9c5dbe2c4e04677416c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 30 Nov 2021 12:04:25 +0100
Subject: [PATCH] mcstrans: port to new PCRE2 from end-of-life PCRE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Quoting pcre.org:
There are two major versions of the PCRE library. The current
version, PCRE2, released in 2015, is now at version 10.39.
The older, but still widely deployed PCRE library, originally
released in 1997, is at version 8.45. This version of PCRE is now at
end of life, and is no longer being actively maintained. Version
8.45 is expected to be the final release of the older PCRE library,
and new projects should use PCRE2 instead.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
mcstrans/Makefile | 6 ++
mcstrans/src/Makefile | 4 +-
mcstrans/src/mcstrans.c | 131 ++++++++++++++++++++++++++++------------
mcstrans/utils/Makefile | 6 +-
4 files changed, 104 insertions(+), 43 deletions(-)
diff --git a/mcstrans/Makefile b/mcstrans/Makefile
index c993a9f52713..b20279ab984a 100644
--- a/mcstrans/Makefile
+++ b/mcstrans/Makefile
@@ -1,3 +1,9 @@
+PKG_CONFIG ?= pkg-config
+PCRE_MODULE := libpcre2-8
+PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE)) -DPCRE2_CODE_UNIT_WIDTH=8
+PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE))
+export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS
+
all:
$(MAKE) -C src
$(MAKE) -C utils
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 76ef055714e9..ef518625cd3b 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -20,10 +20,10 @@ CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
all: $(PROG)
$(PROG): $(PROG_OBJS) $(LIBSEPOLA)
- $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LDLIBS_LIBSEPOLA)
+ $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap $(PCRE_LDLIBS) $(LDLIBS_LIBSEPOLA)
%.o: %.c
- $(CC) $(CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o $@ $<
+ $(CC) $(CFLAGS) $(PCRE_CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o $@ $<
install: all
test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index 09577ea0cc0b..6e4bfd3b16bd 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -26,7 +26,7 @@
#include <selinux/context.h>
#include <syslog.h>
#include <errno.h>
-#include <pcre.h>
+#include <pcre2.h>
#include <ctype.h>
#include <time.h>
#include <sys/time.h>
@@ -36,7 +36,6 @@
#include "mcstrans.h"
#define N_BUCKETS 1453
-#define OVECCOUNT (512*3)
#define log_error(fmt, ...) fprintf(stderr, fmt, __VA_ARGS__)
@@ -82,9 +81,9 @@ typedef struct word_group {
affix_t *suffixes;
word_t *words;
- pcre *prefix_regexp;
- pcre *word_regexp;
- pcre *suffix_regexp;
+ pcre2_code *prefix_regexp;
+ pcre2_code *word_regexp;
+ pcre2_code *suffix_regexp;
ebitmap_t def;
@@ -109,7 +108,7 @@ typedef struct domain {
base_classification_t *base_classifications;
word_group_t *groups;
- pcre *base_classification_regexp;
+ pcre2_code *base_classification_regexp;
struct domain *next;
} domain_t;
@@ -317,9 +316,9 @@ destroy_group(word_group_t **list, word_group_t *group) {
free(group->name);
free(group->sword);
free(group->join);
- pcre_free(group->prefix_regexp);
- pcre_free(group->word_regexp);
- pcre_free(group->suffix_regexp);
+ pcre2_code_free(group->prefix_regexp);
+ pcre2_code_free(group->word_regexp);
+ pcre2_code_free(group->suffix_regexp);
ebitmap_destroy(&group->def);
free(group);
}
@@ -392,7 +391,7 @@ destroy_domain(domain_t *domain) {
free(domain->base_classifications);
domain->base_classifications = next;
}
- pcre_free(domain->base_classification_regexp);
+ pcre2_code_free(domain->base_classification_regexp);
while (domain->groups)
destroy_group(&domain->groups, domain->groups);
free(domain->name);
@@ -963,14 +962,16 @@ word_size(const void *p1, const void *p2) {
}
static void
-build_regexp(pcre **r, char *buffer) {
- const char *error;
- int error_offset;
+build_regexp(pcre2_code **r, char *buffer) {
+ int error;
+ PCRE2_SIZE error_offset;
if (*r)
- pcre_free(*r);
- *r = pcre_compile(buffer, PCRE_CASELESS, &error, &error_offset, NULL);
- if (error) {
- log_error("pcre=%s, error=%s\n", buffer, error ? error: "none");
+ pcre2_code_free(*r);
+ *r = pcre2_compile((PCRE2_SPTR8) buffer, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &error, &error_offset, NULL);
+ if (!*r) {
+ PCRE2_UCHAR errbuf[256];
+ pcre2_get_error_message(error, errbuf, sizeof(errbuf));
+ log_error("pcre compilation of '%s' failed at offset %zu: %s\n", buffer, error_offset, errbuf);
}
buffer[0] = '\0';
}
@@ -1088,12 +1089,12 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
#endif
int rc = 0;
- int ovector[OVECCOUNT];
+ pcre2_match_data *match_data = NULL;
word_group_t *g = NULL;
char *work = NULL;
char *r = NULL;
- const char * match = NULL;
- int work_len;
+ char *match = NULL;
+ size_t work_len;
mls_level_t *mraw = NULL;
ebitmap_t set, clear, tmp;
@@ -1114,11 +1115,20 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
if (!domain->base_classification_regexp)
goto err;
log_debug(" compute_raw_from_trans work = %s\n", work);
- rc = pcre_exec(domain->base_classification_regexp, 0, work, work_len, 0, PCRE_ANCHORED, ovector, OVECCOUNT);
+ match_data = pcre2_match_data_create_from_pattern(domain->base_classification_regexp, NULL);
+ if (!match_data) {
+ log_error("allocation error %s", strerror(errno));
+ goto err;
+ }
+ rc = pcre2_match(domain->base_classification_regexp, (PCRE2_SPTR8)work, work_len, 0, PCRE2_ANCHORED, match_data, NULL);
if (rc > 0) {
- match = NULL;
- pcre_get_substring(work, ovector, rc, 0, &match);
- log_debug(" compute_raw_from_trans match = %s len = %u\n", match, strlen(match));
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
+ match = strndup(work + ovector[0], ovector[1] - ovector[0]);
+ if (!match) {
+ log_error("allocation error %s", strerror(errno));
+ goto err;
+ }
+ log_debug(" compute_raw_from_trans match = %s len = %zu\n", match, strlen(match));
base_classification_t *bc;
for (bc = domain->base_classifications; bc; bc = bc->next) {
if (!strcmp(bc->trans, match)) {
@@ -1138,12 +1148,23 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
char *p=work + ovector[0] + ovector[1];
while (*p && (strchr(" ", *p) != NULL))
*p++ = '#';
- pcre_free((char *)match);
+
+ free(match);
match = NULL;
} else {
- log_debug(" compute_raw_from_trans no base classification matched %s\n", level);
+ switch (rc) {
+ case PCRE2_ERROR_NOMATCH:
+ log_debug(" compute_raw_from_trans no base classification matched %s\n", level);
+ break;
+ default:
+ log_error("compute_raw_from_trans: base matching error for input '%s': %d\n", level, rc);
+ break;
+ }
}
+ pcre2_match_data_free(match_data);
+ match_data = NULL;
+
if (mraw == NULL) {
goto err;
}
@@ -1154,23 +1175,43 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
change = 0;
for (g = domain->groups; g && !change && !complete; g = g->next) {
int prefix = 0, suffix = 0;
- int prefix_offset = 0, prefix_len = 0;
- int suffix_offset = 0, suffix_len = 0;
+ PCRE2_SIZE prefix_offset = 0, prefix_len = 0;
+ PCRE2_SIZE suffix_offset = 0, suffix_len = 0;
if (g->prefix_regexp) {
- rc = pcre_exec(g->prefix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT);
+ match_data = pcre2_match_data_create_from_pattern(g->prefix_regexp, NULL);
+ if (!match_data) {
+ log_error("allocation error %s", strerror(errno));
+ goto err;
+ }
+ rc = pcre2_match(g->prefix_regexp, (PCRE2_SPTR8)work, work_len, 0, 0, match_data, NULL);
if (rc > 0) {
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
prefix = 1;
prefix_offset = ovector[0];
prefix_len = ovector[1] - ovector[0];
+ } else if (rc != PCRE2_ERROR_NOMATCH) {
+ log_error("compute_raw_from_trans: prefix matching error for input '%s': %d\n", level, rc);
}
+ pcre2_match_data_free(match_data);
+ match_data = NULL;
}
if (g->suffix_regexp) {
- rc = pcre_exec(g->suffix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT);
+ match_data = pcre2_match_data_create_from_pattern(g->suffix_regexp, NULL);
+ if (!match_data) {
+ log_error("allocation error %s", strerror(errno));
+ goto err;
+ }
+ rc = pcre2_match(g->suffix_regexp, (PCRE2_SPTR8)work, work_len, 0, 0, match_data, NULL);
if (rc > 0) {
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
suffix = 1;
suffix_offset = ovector[0];
suffix_len = ovector[1] - ovector[0];
+ } else if (rc != PCRE2_ERROR_NOMATCH) {
+ log_error("compute_raw_from_trans: suffix matching error for input '%s': %d\n", level, rc);
}
+ pcre2_match_data_free(match_data);
+ match_data = NULL;
}
/* anchors prefix ^, suffix $ */
@@ -1179,14 +1220,23 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
(g->suffixes && suffix)) &&
g->word_regexp) {
char *s = work + prefix_offset + prefix_len;
- int l = (suffix_len ? suffix_offset : work_len) - prefix_len - prefix_offset;
- rc = pcre_exec(g->word_regexp, 0, s, l, 0, 0, ovector, OVECCOUNT);
+ PCRE2_SIZE len = (suffix_len ? suffix_offset : work_len) - prefix_len - prefix_offset;
+ match_data = pcre2_match_data_create_from_pattern(g->word_regexp, NULL);
+ if (!match_data) {
+ log_error("allocation error %s", strerror(errno));
+ goto err;
+ }
+ rc = pcre2_match(g->word_regexp, (PCRE2_SPTR8)s, len, 0, 0, match_data, NULL);
if (rc > 0) {
- match = NULL;
- pcre_get_substring(s, ovector, rc, 0, &match);
- trim((char *)match, g->whitespace);
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
+ match = strndup(s + ovector[0], ovector[1] - ovector[0]);
+ if (!match) {
+ log_error("allocation error %s", strerror(errno));
+ goto err;
+ }
+ trim(match, g->whitespace);
if (*match) {
- char *p = triml((char *)match, g->whitespace);
+ char *p = triml(match, g->whitespace);
while (p && *p) {
int plen = strlen(p);
unsigned int i;
@@ -1223,9 +1273,13 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
memset(work + suffix_offset, '#', suffix_len);
memset(s + ovector[0], '#', ovector[1] - ovector[0]);
}
- pcre_free((void *)match);
+ free(match);
match = NULL;
+ } else if (rc != PCRE2_ERROR_NOMATCH) {
+ log_error("compute_raw_from_trans: word matching error for input '%s' for substring '%s': %d\n", level, s, rc);
}
+ pcre2_match_data_free(match_data);
+ match_data = NULL;
}
/* YYY */
complete=1;
@@ -1264,10 +1318,11 @@ err:
mls_level_destroy(mraw);
free(mraw);
free(work);
- pcre_free((void *)match);
+ free(match);
ebitmap_destroy(&tmp);
ebitmap_destroy(&set);
ebitmap_destroy(&clear);
+ pcre2_match_data_free(match_data);
return NULL;
}
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
index 9dfe772332b4..a48f4e72acc0 100644
--- a/mcstrans/utils/Makefile
+++ b/mcstrans/utils/Makefile
@@ -14,13 +14,13 @@ endif
all: $(TARGETS)
transcon: transcon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
- $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(PCRE_LDLIBS) -lselinux $(LDLIBS_LIBSEPOLA)
untranscon: untranscon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
- $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(PCRE_LDLIBS) -lselinux $(LDLIBS_LIBSEPOLA)
%.o: %.c
- $(CC) $(CFLAGS) -D_GNU_SOURCE -I../src -fPIE -c -o $@ $<
+ $(CC) $(CFLAGS) $(PCRE_CFLAGS) -D_GNU_SOURCE -I../src -fPIE -c -o $@ $<
install: all
-mkdir -p $(DESTDIR)$(SBINDIR)
--
2.33.1

180
SOURCES/secolor.conf.8 Normal file
View File

@ -0,0 +1,180 @@
.TH "secolor.conf" "8" "08 April 2011" "SELinux API documentation"
.SH "NAME"
secolor.conf \- The SELinux color configuration file
.
.SH "DESCRIPTION"
The
.I /etc/selinux/{SELINUXTYPE}/secolor.conf
configuation file controls the color to be associated to the context components associated to the
.I raw
context passed by
.BR selinux_raw_context_to_color "(3),"
when context related information is to be displayed in color by an SELinux-aware application.
.sp
.BR selinux_raw_context_to_color "(3)"
obtains this color information from the active policy
.B secolor.conf
file as returned by
.BR selinux_colors_path "(3)."
.
.SH "FILE FORMAT"
The file format is as follows:
.RS
.B color
.I color_name
.BI "= #"color_mask
.br
[...]
.sp
.I context_component string
.B =
.I fg_color_name bg_color_name
.br
[...]
.sp
.RE
Where:
.br
.B color
.RS
The color keyword. Each color entry is on a new line.
.RE
.I color_name
.RS
A single word name for the color (e.g. red).
.RE
.I color_mask
.RS
A color mask starting with a hash (#) that describes the hexadecimal RGB colors with black being #000000 and white being #ffffff.
.RE
.I context_component
.RS
The context component name that must be one of the following:
.br
.RS
user, role, type or range
.RE
Each
.IR context_component " " string " ..."
entry is on a new line.
.RE
.I string
.RS
This is the
.I context_component
string that will be matched with the
.I raw
context component passed by
.BR selinux_raw_context_to_color "(3)."
.br
A wildcard '*' may be used to match any undefined string for the user, role and type
.I context_component
entries only.
.RE
.I fg_color_name
.RS
The color_name string that will be used as the foreground color.
A
.I color_mask
may also be used.
.RE
.I bg_color_name
.RS
The color_name string that will be used as the background color.
A
.I color_mask
may also be used.
.RE
.
.SH "EXAMPLES"
Example 1 entries are:
.RS
color black = #000000
.br
color green = #008000
.br
color yellow = #ffff00
.br
color blue = #0000ff
.br
color white = #ffffff
.br
color red = #ff0000
.br
color orange = #ffa500
.br
color tan = #D2B48C
.sp
user * = black white
.br
role * = white black
.br
type * = tan orange
.br
range s0\-s0:c0.c1023 = black green
.br
range s1\-s1:c0.c1023 = white green
.br
range s3\-s3:c0.c1023 = black tan
.br
range s5\-s5:c0.c1023 = white blue
.br
range s7\-s7:c0.c1023 = black red
.br
range s9\-s9:c0.c1023 = black orange
.br
range s15:c0.c1023 = black yellow
.RE
.sp
Example 2 entries are:
.RS
color black = #000000
.br
color green = #008000
.br
color yellow = #ffff00
.br
color blue = #0000ff
.br
color white = #ffffff
.br
color red = #ff0000
.br
color orange = #ffa500
.br
color tan = #d2b48c
.sp
user unconfined_u = #ff0000 green
.br
role unconfined_r = red #ffffff
.br
type unconfined_t = red orange
.br
user user_u = black green
.br
role user_r = white black
.br
type user_t = tan red
.br
user xguest_u = black yellow
.br
role xguest_r = black red
.br
type xguest_t = black green
.br
user sysadm_u = white black
.br
range s0:c0.c1023 = black white
.br
user * = black white
.br
role * = black white
.br
type * = black white
.RE
.
.SH "SEE ALSO"
.BR mcstransd "(8), " selinux_raw_context_to_color "(3), " selinux_colors_path "(3)"

350
SPECS/mcstrans.spec Normal file
View File

@ -0,0 +1,350 @@
Summary: SELinux Translation Daemon
Name: mcstrans
Version: 3.3
Release: 2%{?dist}
License: GPL+
Url: https://github.com/SELinuxProject/selinux/wiki
Source: https://github.com/SELinuxProject/selinux/releases/download/3.3/mcstrans-3.3.tar.gz
Source2: secolor.conf.8
# fedora-selinux/selinux: git format-patch -N 3.3 -- mcstrans
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start
Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
Patch0002: 0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
Patch0003: 0003-mcstrans-Do-not-accept-incomplete-contexts.patch
Patch0004: 0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch
Patch0005: 0005-mcstrans-avoid-missing-prototypes.patch
Patch0006: 0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch
# Patch list end
BuildRequires: gcc
BuildRequires: make
BuildRequires: libselinux-devel >= %{version}
BuildRequires: libcap-devel pcre2-devel libsepol-devel libsepol-static
BuildRequires: systemd
Requires: pcre2
%{?systemd_requires}
Provides: setransd
Provides: libsetrans
%description
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
mcstrans provides an translation daemon to translate SELinux categories
from internal representations to user defined representation.
%prep
%autosetup -p 2 -n mcstrans-%{version}
%build
%set_build_flags
%make_build LIBDIR="%{_libdir}"
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/%{_lib}
mkdir -p %{buildroot}/%{_libdir}
mkdir -p %{buildroot}%{_usr}/share/mcstrans
mkdir -p %{buildroot}%{_sysconfdir}/selinux/mls/setrans.d
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" SBINDIR="%{_sbindir}"
rm -f %{buildroot}%{_libdir}/*.a
cp -r share/* %{buildroot}%{_usr}/share/mcstrans/
# Systemd
mkdir -p %{buildroot}%{_unitdir}
ln -s %{_unitdir}/mcstrans.service %{buildroot}/%{_unitdir}/mcstransd.service
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
%post
%systemd_post mcstransd.service
%preun
%systemd_preun mcstransd.service
%postun
%systemd_postun mcstransd.service
%files
%{_mandir}/man8/mcs.8.gz
%{_mandir}/man8/mcstransd.8.gz
%{_mandir}/man5/setrans.conf.5.gz
%{_mandir}/ru/man8/mcs.8.gz
%{_mandir}/ru/man8/mcstransd.8.gz
%{_mandir}/ru/man5/setrans.conf.5.gz
%{_mandir}/man8/secolor.conf.8.gz
/usr/sbin/mcstransd
%{_unitdir}/mcstrans.service
%{_unitdir}/mcstransd.service
%dir %{_sysconfdir}/selinux/mls/setrans.d
%dir %{_usr}/share/mcstrans
%defattr(0644,root,root,0755)
%dir %{_usr}/share/mcstrans/util
%dir %{_usr}/share/mcstrans/examples
%{_usr}/share/mcstrans/examples/*
%defattr(0755,root,root,0755)
%{_usr}/share/mcstrans/util/*
%changelog
* Fri Dec 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
- Port to new PCRE2 from end-of-life PCRE
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
- SELinux userspace 3.3 release
* Mon Oct 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
- SELinux userspace 3.3-rc3 release
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
- SELinux userspace 3.3-rc2 release
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Aug 5 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
- Fix RESOURCE_LEAK (CWE-772)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Mar 9 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
- SELinux userspace 3.2 release
* Sun Feb 7 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1
- SELinux userspace 3.2-rc2 release
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1
- SELinux userspace 3.2-rc1 release
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 3.1-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
- SELinux userspace 3.1 release
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
- SELinux userspace 3.0 release
* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
- SELinux userspace 3.0-rc1 release candidate
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Mar 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
- SELinux userspace 2.9-rc2 release
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 30 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
- Update to mcstrans-2.9-rc1
* Tue Oct 2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
- Update to mcstrans-2.8
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Mar 19 2014 Karsten Hopp |karsten@redhat.com> - 0.3.4-4
- fix changelog order so that it builds with a recent rpm
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-3
- Make mcstrans PIE and fully relro
- Resolves: #983268
* Tue Oct 15 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-2
- Add RELRO support for long running services
* Thu Sep 12 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.4-1
- Update to latest version/applying patches
- Move binary to /usr/sbin rather then /sbin
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 0.3.3-7
- Add secolor.conf.5 man page
- Make mcstransd watch for content being written to /run/setrans for files names containing translations.
-- This will allow apps like libvirt to write content nameing randomly selected MCS labels
- Fix memory leak in mcstransd
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 0.3.3-4
- Rebuild against PCRE 8.30
* Thu Feb 2 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-3
- Fix the systemd service file
* Wed Feb 1 2012 Dan Walsh <dwalsh@redhat.com> - 0.3.3-2
- Update to upstream
- Write pid file
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.2-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 5 2011 Ted X Toth <txtoth@gmail.com> - 0.3.2-0
- Add constraints
- Add setrans.conf man page
- Fix mixed raw and translated range bug
- Moved todo comments to TODO file
* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 0.3.1-4
- Add mcstransd man page
* Thu Sep 17 2009 Miroslav Grepl <mgrepl@redhat.com> 0.3.1-3
- Fix init script
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Feb 5 2009 Joe Nall <joe@nall.com> 0.3.1-1
- Rewrite translations to allow individual word/category mapping
- Eamon Walsh's color mapping changes
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.2.11-2
- fix license tag
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 0.2.11-1
- More fixes from Jim Meyering
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.10-1
- More error checking on failed strdup
* Tue May 6 2008 Dan Walsh <dwalsh@redhat.com> 0.2.9-1
- Start mcstrans before netlabel
* Mon Apr 14 2008 Dan Walsh <dwalsh@redhat.com> 0.2.8-1
- Fix error handling
* Tue Feb 12 2008 Dan Walsh <dwalsh@redhat.com> 0.2.7-2
- Rebuild for gcc 4.3
* Tue Oct 30 2007 Steve Conklin <sconklin@redhat.com> - 0.2.7-1
- Folded current patches into tarball
* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-3
- Fixed a compile problem with max_categories
* Thu Oct 25 2007 Steve Conklin <sconklin@redhat.com> - 0.2.6-2
- Fixed some init script errors
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 0.2.6-1
- Check for max_categories and error out
* Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 0.2.5-1
- Fix case where s0=""
* Mon Feb 26 2007 Dan Walsh <dwalsh@redhat.com> 0.2.4-1
- Translate range if fully specified correctly
* Mon Feb 12 2007 Dan Walsh <dwalsh@redhat.com> 0.2.3-1
- Additional fix to handle ssh root/sysadm_r/s0:c1,c2
Resolves: #224637
* Mon Feb 5 2007 Dan Walsh <dwalsh@redhat.com> 0.2.1-1
- Rewrite to handle MLS properly
Resolves: #225355
* Mon Jan 29 2007 Dan Walsh <dwalsh@redhat.com> 0.1.10-2
- Cleanup memory when complete
* Mon Dec 4 2006 Dan Walsh <dwalsh@redhat.com> 0.1.10-1
- Fix Memory Leak
Resolves: #218173
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 0.1.9-1
- Add -pie
- Fix compiler warnings
- Fix Memory Leak
Resolves: #218173
* Wed Sep 13 2006 Peter Jones <pjones@redhat.com> - 0.1.8-3
- Fix subsys locking in init script
* Wed Aug 23 2006 Dan Walsh <dwalsh@redhat.com> 0.1.8-1
- Only allow one version to run
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - sh: line 0: fg: no job control
- rebuild
* Mon Jun 19 2006 Dan Walsh <dwalsh@redhat.com> 0.1.7-1
- Apply sgrubb patch to only call getpeercon on translations
* Tue Jun 6 2006 Dan Walsh <dwalsh@redhat.com> 0.1.6-1
- Exit gracefully when selinux is not enabled
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.5-1
- Fix sighup handling
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 0.1.4-1
- Add patch from sgrubb
- Fix 64 bit size problems
- Increase the open file limit
- Make sure maximum size is not exceeded
* Fri May 12 2006 Dan Walsh <dwalsh@redhat.com> 0.1.3-1
- Move initscripts to /etc/rc.d/init.d
* Thu May 11 2006 Dan Walsh <dwalsh@redhat.com> 0.1.2-1
- Drop Privs
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 0.1.1-1
- Initial Version
- This daemon reuses the code from libsetrans