Compare commits
No commits in common. "f35" and "master" have entirely different histories.
6
.gitignore
vendored
6
.gitignore
vendored
@ -30,9 +30,3 @@ mcstrans-0.3.1.tgz
|
|||||||
/mcstrans-3.0-rc1.tar.gz
|
/mcstrans-3.0-rc1.tar.gz
|
||||||
/mcstrans-3.0.tar.gz
|
/mcstrans-3.0.tar.gz
|
||||||
/mcstrans-3.1.tar.gz
|
/mcstrans-3.1.tar.gz
|
||||||
/mcstrans-3.2-rc1.tar.gz
|
|
||||||
/mcstrans-3.2-rc2.tar.gz
|
|
||||||
/mcstrans-3.2.tar.gz
|
|
||||||
/mcstrans-3.3-rc2.tar.gz
|
|
||||||
/mcstrans-3.3-rc3.tar.gz
|
|
||||||
/mcstrans-3.3.tar.gz
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 58a11e55120de4700d4e874dee0d8c36d13caedd Mon Sep 17 00:00:00 2001
|
From a9eae01e435c2d6f13f3672a50f545bab03e9992 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Wed, 28 Nov 2018 18:28:05 +0100
|
Date: Wed, 28 Nov 2018 18:28:05 +0100
|
||||||
Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
|
Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
|
||||||
@ -10,7 +10,7 @@ Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
|
|||||||
2 files changed, 22 insertions(+), 3 deletions(-)
|
2 files changed, 22 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||||
index e92dfddb0d20..d0690e6b0dca 100644
|
index 96bdbdff7d8b..0d9d0f3e25b7 100644
|
||||||
--- a/mcstrans/src/mcstrans.c
|
--- a/mcstrans/src/mcstrans.c
|
||||||
+++ b/mcstrans/src/mcstrans.c
|
+++ b/mcstrans/src/mcstrans.c
|
||||||
@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
|
@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
|
||||||
@ -38,7 +38,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||||||
|
|
||||||
if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
|
if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
|
||||||
goto err;
|
goto err;
|
||||||
@@ -1520,6 +1527,7 @@ trans_context(const char *incon, char **rcon) {
|
@@ -1519,6 +1526,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||||
trans = compute_trans_from_raw(range, domain);
|
trans = compute_trans_from_raw(range, domain);
|
||||||
if (trans)
|
if (trans)
|
||||||
if (add_cache(domain, range, trans) < 0) {
|
if (add_cache(domain, range, trans) < 0) {
|
||||||
@ -46,7 +46,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||||||
free(range);
|
free(range);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -1531,6 +1539,7 @@ trans_context(const char *incon, char **rcon) {
|
@@ -1530,6 +1538,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||||
ltrans = compute_trans_from_raw(lrange, domain);
|
ltrans = compute_trans_from_raw(lrange, domain);
|
||||||
if (ltrans) {
|
if (ltrans) {
|
||||||
if (add_cache(domain, lrange, ltrans) < 0) {
|
if (add_cache(domain, lrange, ltrans) < 0) {
|
||||||
@ -54,7 +54,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||||||
free(range);
|
free(range);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -1549,6 +1558,7 @@ trans_context(const char *incon, char **rcon) {
|
@@ -1548,6 +1557,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||||
utrans = compute_trans_from_raw(urange, domain);
|
utrans = compute_trans_from_raw(urange, domain);
|
||||||
if (utrans) {
|
if (utrans) {
|
||||||
if (add_cache(domain, urange, utrans) < 0) {
|
if (add_cache(domain, urange, utrans) < 0) {
|
||||||
@ -62,7 +62,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||||||
free(ltrans);
|
free(ltrans);
|
||||||
free(range);
|
free(range);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1648,14 +1658,19 @@ untrans_context(const char *incon, char **rcon) {
|
@@ -1647,14 +1657,19 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||||
canonical = compute_trans_from_raw(raw, domain);
|
canonical = compute_trans_from_raw(raw, domain);
|
||||||
if (canonical && strcmp(canonical, range))
|
if (canonical && strcmp(canonical, range))
|
||||||
if (add_cache(domain, raw, canonical) < 0) {
|
if (add_cache(domain, raw, canonical) < 0) {
|
||||||
@ -83,7 +83,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@@ -1673,6 +1688,7 @@ untrans_context(const char *incon, char **rcon) {
|
@@ -1672,6 +1687,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||||
canonical = compute_trans_from_raw(lraw, domain);
|
canonical = compute_trans_from_raw(lraw, domain);
|
||||||
if (canonical)
|
if (canonical)
|
||||||
if (add_cache(domain, lraw, canonical) < 0) {
|
if (add_cache(domain, lraw, canonical) < 0) {
|
||||||
@ -91,7 +91,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||||||
free(lraw);
|
free(lraw);
|
||||||
free(range);
|
free(range);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1704,6 +1720,7 @@ untrans_context(const char *incon, char **rcon) {
|
@@ -1703,6 +1719,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||||
canonical = compute_trans_from_raw(uraw, domain);
|
canonical = compute_trans_from_raw(uraw, domain);
|
||||||
if (canonical)
|
if (canonical)
|
||||||
if (add_cache(domain, uraw, canonical) < 0) {
|
if (add_cache(domain, uraw, canonical) < 0) {
|
||||||
@ -100,7 +100,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||||||
free(lraw);
|
free(lraw);
|
||||||
free(range);
|
free(range);
|
||||||
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
|
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
|
||||||
index 59c152e73be1..5191fc98ef06 100644
|
index 858994932e4f..a1ec81acb3c8 100644
|
||||||
--- a/mcstrans/src/mcstransd.c
|
--- a/mcstrans/src/mcstransd.c
|
||||||
+++ b/mcstrans/src/mcstransd.c
|
+++ b/mcstrans/src/mcstransd.c
|
||||||
@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
|
@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
|
||||||
@ -125,5 +125,5 @@ index 59c152e73be1..5191fc98ef06 100644
|
|||||||
" for fd (%d)\n", revents, connfd);
|
" for fd (%d)\n", revents, connfd);
|
||||||
|
|
||||||
--
|
--
|
||||||
2.32.0
|
2.23.0
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From 7a170534163ab9d9159dddfadb996587d98fe30e Mon Sep 17 00:00:00 2001
|
From d09b54cfffaa3923c22bb3ff7818cb4a19325905 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Thu, 9 May 2019 16:44:43 +0200
|
Date: Thu, 9 May 2019 16:44:43 +0200
|
||||||
Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
|
Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
|
||||||
@ -8,10 +8,10 @@ Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
|
|||||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||||
|
|
||||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||||
index d0690e6b0dca..8678418a1570 100644
|
index 0d9d0f3e25b7..29cadb78b62c 100644
|
||||||
--- a/mcstrans/src/mcstrans.c
|
--- a/mcstrans/src/mcstrans.c
|
||||||
+++ b/mcstrans/src/mcstrans.c
|
+++ b/mcstrans/src/mcstrans.c
|
||||||
@@ -1664,10 +1664,8 @@ untrans_context(const char *incon, char **rcon) {
|
@@ -1663,10 +1663,8 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -24,5 +24,5 @@ index d0690e6b0dca..8678418a1570 100644
|
|||||||
free(range);
|
free(range);
|
||||||
free(raw);
|
free(raw);
|
||||||
--
|
--
|
||||||
2.32.0
|
2.23.0
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
From a6e2b2287254b2880e8697707f10bd303ffcc06a Mon Sep 17 00:00:00 2001
|
From 0173a950563b23080fd40433f55efcb1d6b77923 Mon Sep 17 00:00:00 2001
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
Date: Mon, 15 Apr 2019 15:22:51 +0200
|
Date: Mon, 15 Apr 2019 15:22:51 +0200
|
||||||
Subject: [PATCH] mcstrans: Do not accept incomplete contexts
|
Subject: [PATCH] mcstrans: Do not accept incomplete contexts
|
||||||
@ -32,7 +32,7 @@ Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|||||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
|
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
|
||||||
index a38388501db5..94421a58dee4 100644
|
index 4ee0db507ef2..3a3a6de9a02b 100644
|
||||||
--- a/mcstrans/src/mcscolor.c
|
--- a/mcstrans/src/mcscolor.c
|
||||||
+++ b/mcstrans/src/mcscolor.c
|
+++ b/mcstrans/src/mcscolor.c
|
||||||
@@ -272,10 +272,14 @@ static const unsigned precedence[N_COLOR][N_COLOR - 1] = {
|
@@ -272,10 +272,14 @@ static const unsigned precedence[N_COLOR][N_COLOR - 1] = {
|
||||||
@ -55,5 +55,5 @@ index a38388501db5..94421a58dee4 100644
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
--
|
--
|
||||||
2.32.0
|
2.23.0
|
||||||
|
|
||||||
|
@ -1,63 +0,0 @@
|
|||||||
From a98f2f8f2f1c14646ec9c80faecf14e9bf4bbd2c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Thu, 5 Aug 2021 16:26:44 +0200
|
|
||||||
Subject: [PATCH] mcstrans: fix RESOURCE_LEAK (CWE-772)
|
|
||||||
|
|
||||||
Fixes:
|
|
||||||
Error: RESOURCE_LEAK (CWE-772): [#def1]
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1527: alloc_fn: Storage is returned from allocation function "compute_trans_from_raw".
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1527: var_assign: Assigning: "trans" = storage returned from "compute_trans_from_raw(range, domain)".
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1529: noescape: Resource "trans" is not freed or pointed-to in "add_cache".
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1515: overwrite_var: Overwriting "trans" in "trans = find_in_hashtable(range, domain, domain->raw_to_trans)" leaks the storage that "trans" points to.
|
|
||||||
# 1513| domain_t *domain = domains;
|
|
||||||
# 1514| for (;domain; domain = domain->next) {
|
|
||||||
# 1515|-> trans = find_in_hashtable(range, domain, domain->raw_to_trans);
|
|
||||||
# 1516| if (trans) break;
|
|
||||||
# 1517|
|
|
||||||
|
|
||||||
Error: RESOURCE_LEAK (CWE-772): [#def2]
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1654: alloc_fn: Storage is returned from allocation function "compute_raw_from_trans".
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1654: var_assign: Assigning: "raw" = storage returned from "compute_raw_from_trans(range, domain)".
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1656: noescape: Resource "raw" is not freed or pointed-to in "find_in_hashtable".
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1669: noescape: Resource "raw" is not freed or pointed-to in "add_cache".
|
|
||||||
mcstrans-3.2/src/mcstrans.c:1642: overwrite_var: Overwriting "raw" in "raw = find_in_hashtable(range, domain, domain->trans_to_raw)" leaks the storage that "raw" points to.
|
|
||||||
# 1640| domain_t *domain = domains;
|
|
||||||
# 1641| for (;domain; domain = domain->next) {
|
|
||||||
# 1642|-> raw = find_in_hashtable(range, domain, domain->trans_to_raw);
|
|
||||||
# 1643| if (raw) break;
|
|
||||||
# 1644|
|
|
||||||
|
|
||||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
---
|
|
||||||
mcstrans/src/mcstrans.c | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
|
||||||
index 8678418a1570..4e110e02f73a 100644
|
|
||||||
--- a/mcstrans/src/mcstrans.c
|
|
||||||
+++ b/mcstrans/src/mcstrans.c
|
|
||||||
@@ -1598,6 +1598,10 @@ trans_context(const char *incon, char **rcon) {
|
|
||||||
}
|
|
||||||
if (dashp)
|
|
||||||
*dashp = '-';
|
|
||||||
+ if (trans) {
|
|
||||||
+ free(trans);
|
|
||||||
+ trans = NULL;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
if (trans) {
|
|
||||||
@@ -1769,6 +1773,10 @@ untrans_context(const char *incon, char **rcon) {
|
|
||||||
}
|
|
||||||
if (dashp)
|
|
||||||
*dashp = '-';
|
|
||||||
+ if (raw) {
|
|
||||||
+ free(raw);
|
|
||||||
+ raw = NULL;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
if (raw) {
|
|
||||||
--
|
|
||||||
2.32.0
|
|
||||||
|
|
@ -1,21 +1,19 @@
|
|||||||
Summary: SELinux Translation Daemon
|
Summary: SELinux Translation Daemon
|
||||||
Name: mcstrans
|
Name: mcstrans
|
||||||
Version: 3.3
|
Version: 3.1
|
||||||
Release: 1%{?dist}
|
Release: 3%{?dist}
|
||||||
License: GPL+
|
License: GPL+
|
||||||
Url: https://github.com/SELinuxProject/selinux/wiki
|
Url: https://github.com/SELinuxProject/selinux/wiki
|
||||||
Source: https://github.com/SELinuxProject/selinux/releases/download/3.3/mcstrans-3.3.tar.gz
|
Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/mcstrans-3.1.tar.gz
|
||||||
Source2: secolor.conf.8
|
Source2: secolor.conf.8
|
||||||
# fedora-selinux/selinux: git format-patch -N 3.3 -- mcstrans
|
# fedora-selinux/selinux: git format-patch -N mcstrans-3.1 -- mcstrans
|
||||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||||
# Patch list start
|
# Patch list start
|
||||||
Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
|
Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
|
||||||
Patch0002: 0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
|
Patch0002: 0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
|
||||||
Patch0003: 0003-mcstrans-Do-not-accept-incomplete-contexts.patch
|
Patch0003: 0003-mcstrans-Do-not-accept-incomplete-contexts.patch
|
||||||
Patch0004: 0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch
|
|
||||||
# Patch list end
|
# Patch list end
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: make
|
|
||||||
BuildRequires: libselinux-devel >= %{version}
|
BuildRequires: libselinux-devel >= %{version}
|
||||||
BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
|
BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd
|
||||||
@ -95,34 +93,6 @@ install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
|||||||
%{_usr}/share/mcstrans/util/*
|
%{_usr}/share/mcstrans/util/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
|
|
||||||
- SELinux userspace 3.3 release
|
|
||||||
|
|
||||||
* Mon Oct 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
|
|
||||||
- SELinux userspace 3.3-rc3 release
|
|
||||||
|
|
||||||
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
|
|
||||||
- SELinux userspace 3.3-rc2 release
|
|
||||||
|
|
||||||
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
|
|
||||||
- Rebase on upstream commit 32611aea6543
|
|
||||||
|
|
||||||
* Tue Jul 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-2
|
|
||||||
- Second attempt - Rebuilt for
|
|
||||||
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Mar 9 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
|
|
||||||
- SELinux userspace 3.2 release
|
|
||||||
|
|
||||||
* Sun Feb 7 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1
|
|
||||||
- SELinux userspace 3.2-rc2 release
|
|
||||||
|
|
||||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Jan 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1
|
|
||||||
- SELinux userspace 3.2-rc1 release
|
|
||||||
|
|
||||||
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 3.1-3
|
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 3.1-3
|
||||||
- Use make macros
|
- Use make macros
|
||||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
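Review bot: The patch list on the new side of the first spec hunk stops at Patch0003, so `Patch0004: 0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch` is no longer applied, and nothing visible here shows that the mcstrans-3.1 tarball already contains that fix. The removed patch frees `trans` in trans_context() and `raw` in untrans_context() before the per-domain loop overwrites them. Without it a long-running mcstransd presumably leaks on each such lookup, so memory use can grow with request volume. If 3.1 has the same loop, keep the line `Patch0004: 0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch` (regenerated against 3.1), or record in the spec why it is not needed. The same hunk also drops `BuildRequires: make`, which is worth confirming against the buildroot this branch targets.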
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (mcstrans-3.3.tar.gz) = 2157a0361bb5a2bc8e149373b2dd7d9b042f8c4c0aa845ae6967a23d9b875d2dcd6176d99d7f8f15e17eb5877fea60814e19aabfe76950d25b75c9c25df811c2
|
SHA512 (mcstrans-3.1.tar.gz) = 21e9b7a8c9d98cbee61f2eb1c440a51d19ac111a5955c24d365a8784e1aa34fb47a22a108e550c8a4cde4f25ec5afc466126a68e9faedfc796bef83eada93b60
|
||||||
|