Compare commits
24 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
0b29d6cd2e | ||
|
ac469b67ba | ||
|
0c88d59904 | ||
|
dd1b58bd65 | ||
|
a651d8437e | ||
|
ffd2e4c289 | ||
|
d164bb379f | ||
|
01c69ecfe7 | ||
|
8470afd9ba | ||
|
b331e3efae | ||
|
33b516c32a | ||
|
761671ba4f | ||
|
46110192c7 | ||
|
bbc75fbd05 | ||
|
0a457d8a7d | ||
|
2691d9eb87 | ||
|
be175c33f3 | ||
|
129e25b354 | ||
|
88cf29637c | ||
|
c18c8d18f3 | ||
|
1e0cf5160d | ||
|
8404acb311 | ||
|
58844f3d47 | ||
|
915bad59b2 |
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
||||
+1
|
13
.gitignore
vendored
13
.gitignore
vendored
@ -30,3 +30,16 @@ mcstrans-0.3.1.tgz
|
||||
/mcstrans-3.0-rc1.tar.gz
|
||||
/mcstrans-3.0.tar.gz
|
||||
/mcstrans-3.1.tar.gz
|
||||
/mcstrans-3.2-rc1.tar.gz
|
||||
/mcstrans-3.2-rc2.tar.gz
|
||||
/mcstrans-3.2.tar.gz
|
||||
/mcstrans-3.3-rc2.tar.gz
|
||||
/mcstrans-3.3-rc3.tar.gz
|
||||
/mcstrans-3.3.tar.gz
|
||||
/mcstrans-3.4-rc1.tar.gz
|
||||
/mcstrans-3.4-rc3.tar.gz
|
||||
/mcstrans-3.4.tar.gz
|
||||
/mcstrans-3.5-rc1.tar.gz
|
||||
/mcstrans-3.5-rc2.tar.gz
|
||||
/mcstrans-3.5-rc3.tar.gz
|
||||
/mcstrans-3.5.tar.gz
|
||||
|
@ -1,129 +0,0 @@
|
||||
From a9eae01e435c2d6f13f3672a50f545bab03e9992 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Wed, 28 Nov 2018 18:28:05 +0100
|
||||
Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
|
||||
defects
|
||||
|
||||
---
|
||||
mcstrans/src/mcstrans.c | 21 +++++++++++++++++++--
|
||||
mcstrans/src/mcstransd.c | 4 +++-
|
||||
2 files changed, 22 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||
index 96bdbdff7d8b..0d9d0f3e25b7 100644
|
||||
--- a/mcstrans/src/mcstrans.c
|
||||
+++ b/mcstrans/src/mcstrans.c
|
||||
@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
|
||||
|
||||
map->raw = strdup(raw);
|
||||
if (!map->raw) {
|
||||
+ free(map);
|
||||
goto err;
|
||||
}
|
||||
map->trans = strdup(trans);
|
||||
if (!map->trans) {
|
||||
+ free(map->raw);
|
||||
+ free(map);
|
||||
goto err;
|
||||
}
|
||||
|
||||
log_debug(" add_cache (%s,%s)\n", raw, trans);
|
||||
- if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0)
|
||||
+ if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0) {
|
||||
+ free(map->trans);
|
||||
+ free(map->raw);
|
||||
+ free(map);
|
||||
goto err;
|
||||
+ }
|
||||
|
||||
if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
|
||||
goto err;
|
||||
@@ -1519,6 +1526,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
trans = compute_trans_from_raw(range, domain);
|
||||
if (trans)
|
||||
if (add_cache(domain, range, trans) < 0) {
|
||||
+ free(trans);
|
||||
free(range);
|
||||
return -1;
|
||||
}
|
||||
@@ -1530,6 +1538,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
ltrans = compute_trans_from_raw(lrange, domain);
|
||||
if (ltrans) {
|
||||
if (add_cache(domain, lrange, ltrans) < 0) {
|
||||
+ free(ltrans);
|
||||
free(range);
|
||||
return -1;
|
||||
}
|
||||
@@ -1548,6 +1557,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
utrans = compute_trans_from_raw(urange, domain);
|
||||
if (utrans) {
|
||||
if (add_cache(domain, urange, utrans) < 0) {
|
||||
+ free(utrans);
|
||||
free(ltrans);
|
||||
free(range);
|
||||
return -1;
|
||||
@@ -1647,14 +1657,19 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
canonical = compute_trans_from_raw(raw, domain);
|
||||
if (canonical && strcmp(canonical, range))
|
||||
if (add_cache(domain, raw, canonical) < 0) {
|
||||
+ free(canonical);
|
||||
free(range);
|
||||
+ free(raw);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
- if (canonical)
|
||||
+ if (canonical) {
|
||||
free(canonical);
|
||||
+ free(raw);
|
||||
+ }
|
||||
if (add_cache(domain, raw, range) < 0) {
|
||||
free(range);
|
||||
+ free(raw);
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
@@ -1672,6 +1687,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
canonical = compute_trans_from_raw(lraw, domain);
|
||||
if (canonical)
|
||||
if (add_cache(domain, lraw, canonical) < 0) {
|
||||
+ free(canonical);
|
||||
free(lraw);
|
||||
free(range);
|
||||
return -1;
|
||||
@@ -1703,6 +1719,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
canonical = compute_trans_from_raw(uraw, domain);
|
||||
if (canonical)
|
||||
if (add_cache(domain, uraw, canonical) < 0) {
|
||||
+ free(canonical);
|
||||
free(uraw);
|
||||
free(lraw);
|
||||
free(range);
|
||||
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
|
||||
index 858994932e4f..a1ec81acb3c8 100644
|
||||
--- a/mcstrans/src/mcstransd.c
|
||||
+++ b/mcstrans/src/mcstransd.c
|
||||
@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
|
||||
/* Setup pollfd for deletion later. */
|
||||
(*ufds)[ii].fd = -1;
|
||||
close(connfd);
|
||||
+ connfd = -1;
|
||||
/* So we don't get bothered later */
|
||||
revents = revents & ~(POLLHUP);
|
||||
}
|
||||
@@ -348,10 +349,11 @@ process_events(struct pollfd **ufds, int *nfds)
|
||||
/* Set the pollfd up for deletion later. */
|
||||
(*ufds)[ii].fd = -1;
|
||||
close(connfd);
|
||||
+ connfd = -1;
|
||||
|
||||
revents = revents & ~(POLLHUP);
|
||||
}
|
||||
- if (revents) {
|
||||
+ if (revents && connfd != -1) {
|
||||
syslog(LOG_ERR, "Unknown/error events (%x) encountered"
|
||||
" for fd (%d)\n", revents, connfd);
|
||||
|
||||
--
|
||||
2.23.0
|
||||
|
@ -1,28 +0,0 @@
|
||||
From d09b54cfffaa3923c22bb3ff7818cb4a19325905 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 9 May 2019 16:44:43 +0200
|
||||
Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
|
||||
|
||||
---
|
||||
mcstrans/src/mcstrans.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||
index 0d9d0f3e25b7..29cadb78b62c 100644
|
||||
--- a/mcstrans/src/mcstrans.c
|
||||
+++ b/mcstrans/src/mcstrans.c
|
||||
@@ -1663,10 +1663,8 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
- if (canonical) {
|
||||
+ if (canonical)
|
||||
free(canonical);
|
||||
- free(raw);
|
||||
- }
|
||||
if (add_cache(domain, raw, range) < 0) {
|
||||
free(range);
|
||||
free(raw);
|
||||
--
|
||||
2.23.0
|
||||
|
@ -1,59 +0,0 @@
|
||||
From 0173a950563b23080fd40433f55efcb1d6b77923 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 15 Apr 2019 15:22:51 +0200
|
||||
Subject: [PATCH] mcstrans: Do not accept incomplete contexts
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Fixes:
|
||||
$ python3
|
||||
> import selinux
|
||||
> selinux.selinux_raw_context_to_color("xyz_u:xyz_r:xyz_t:")
|
||||
|
||||
Traceback (most recent call last):
|
||||
File "<stdin>", line 2, in <module>
|
||||
OSError: [Errno 0] Error
|
||||
|
||||
:: [ 10:25:45 ] :: [ BEGIN ] :: Running 'service mcstransd status'
|
||||
Redirecting to /bin/systemctl status mcstransd.service
|
||||
● mcstrans.service - Translates SELinux MCS/MLS labels to human readable form
|
||||
Loaded: loaded (/usr/lib/systemd/system/mcstrans.service; disabled; vendor preset: disabled)
|
||||
Active: failed (Result: core-dump) since Fri 2019-04-12 10:25:44 EDT; 1s ago
|
||||
Process: 16681 ExecStart=/sbin/mcstransd -f (code=dumped, signal=SEGV)
|
||||
Main PID: 16681 (code=dumped, signal=SEGV)
|
||||
|
||||
systemd[1]: mcstrans.service: Main process exited, code=dumped, status=11/SEGV
|
||||
systemd[1]: mcstrans.service: Failed with result 'core-dump'.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
mcstrans/src/mcscolor.c | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
|
||||
index 4ee0db507ef2..3a3a6de9a02b 100644
|
||||
--- a/mcstrans/src/mcscolor.c
|
||||
+++ b/mcstrans/src/mcscolor.c
|
||||
@@ -272,10 +272,14 @@ static const unsigned precedence[N_COLOR][N_COLOR - 1] = {
|
||||
static const secolor_t default_color = { 0x000000, 0xffffff };
|
||||
|
||||
static int parse_components(context_t con, char **components) {
|
||||
- components[COLOR_USER] = (char *)context_user_get(con);
|
||||
- components[COLOR_ROLE] = (char *)context_role_get(con);
|
||||
- components[COLOR_TYPE] = (char *)context_type_get(con);
|
||||
- components[COLOR_RANGE] = (char *)context_range_get(con);
|
||||
+ if ((components[COLOR_USER] = (char *)context_user_get(con)) == NULL)
|
||||
+ return -1;
|
||||
+ if ((components[COLOR_ROLE] = (char *)context_role_get(con)) == NULL)
|
||||
+ return -1;
|
||||
+ if ((components[COLOR_TYPE] = (char *)context_type_get(con)) == NULL)
|
||||
+ return -1;
|
||||
+ if ((components[COLOR_RANGE] = (char *)context_range_get(con)) == NULL)
|
||||
+ return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
2.23.0
|
||||
|
@ -1,23 +1,21 @@
|
||||
Summary: SELinux Translation Daemon
|
||||
Name: mcstrans
|
||||
Version: 3.1
|
||||
Release: 3%{?dist}
|
||||
License: GPL+
|
||||
Version: 3.5
|
||||
Release: 1%{?dist}
|
||||
License: GPL-2.0-or-later
|
||||
Url: https://github.com/SELinuxProject/selinux/wiki
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/20200710/mcstrans-3.1.tar.gz
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/3.5/mcstrans-3.5.tar.gz
|
||||
Source2: secolor.conf.8
|
||||
# fedora-selinux/selinux: git format-patch -N mcstrans-3.1 -- mcstrans
|
||||
# fedora-selinux/selinux: git format-patch -N 3.3 -- mcstrans
|
||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
# Patch list start
|
||||
Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
|
||||
Patch0002: 0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
|
||||
Patch0003: 0003-mcstrans-Do-not-accept-incomplete-contexts.patch
|
||||
# Patch list end
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: libselinux-devel >= %{version}
|
||||
BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
|
||||
BuildRequires: libcap-devel pcre2-devel libsepol-devel libsepol-static
|
||||
BuildRequires: systemd
|
||||
Requires: pcre
|
||||
Requires: pcre2
|
||||
%{?systemd_requires}
|
||||
Provides: setransd
|
||||
Provides: libsetrans
|
||||
@ -56,7 +54,7 @@ rm -f %{buildroot}%{_libdir}/*.a
|
||||
cp -r share/* %{buildroot}%{_usr}/share/mcstrans/
|
||||
# Systemd
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
ln -s %{_unitdir}/mcstrans.service %{buildroot}/%{_unitdir}/mcstransd.service
|
||||
ln -s mcstrans.service %{buildroot}/%{_unitdir}/mcstransd.service
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
|
||||
install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
||||
|
||||
@ -93,6 +91,73 @@ install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
||||
%{_usr}/share/mcstrans/util/*
|
||||
|
||||
%changelog
|
||||
* Fri Feb 24 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
|
||||
- SELinux userspace 3.5 release
|
||||
|
||||
* Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
|
||||
- SELinux userspace 3.5-rc3 release
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-0.rc2.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
|
||||
- SELinux userspace 3.5-rc2 release
|
||||
|
||||
* Tue Dec 27 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
|
||||
- SELinux userspace 3.5-rc1 release
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
|
||||
- rebuilt
|
||||
|
||||
* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
|
||||
- SELinux userspace 3.4 release
|
||||
|
||||
* Tue May 10 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc3.1
|
||||
- SELinux userspace 3.4-rc3 release
|
||||
|
||||
* Fri Apr 22 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
|
||||
- SELinux userspace 3.4-rc2 release
|
||||
|
||||
* Wed Apr 13 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
|
||||
- SELinux userspace 3.4-rc1 release
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Fri Dec 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
|
||||
- Port to new PCRE2 from end-of-life PCRE
|
||||
|
||||
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
|
||||
- SELinux userspace 3.3 release
|
||||
|
||||
* Mon Oct 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
|
||||
- SELinux userspace 3.3-rc3 release
|
||||
|
||||
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
|
||||
- SELinux userspace 3.3-rc2 release
|
||||
|
||||
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
|
||||
- Rebase on upstream commit 32611aea6543
|
||||
|
||||
* Tue Jul 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-2
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Tue Mar 9 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
|
||||
- SELinux userspace 3.2 release
|
||||
|
||||
* Sun Feb 7 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1
|
||||
- SELinux userspace 3.2-rc2 release
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Fri Jan 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1
|
||||
- SELinux userspace 3.2-rc1 release
|
||||
|
||||
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 3.1-3
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
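Review bot: The patch list in the first hunk loses `Patch0001`–`Patch0003` without any record in the spec of whether the 3.5 tarball already contains those fixes. The deleted 0003 patch documents mcstransd exiting with SIGSEGV on the incomplete context `xyz_u:xyz_r:xyz_t:`, and 0001/0002 address leak and use-after-free findings, so dropping them silently makes a regression hard to spot. A line such as `# Patches 0001-0003 dropped: included upstream since <upstream-version>` above `# Patch list start`, written after checking the 3.5 source, would settle it. The hint `# fedora-selinux/selinux: git format-patch -N 3.3 -- mcstrans` also looks stale next to `Version: 3.5`. The +/- markers are lost in this rendering, so which of the paired lines is new is inferred from the version numbers.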
8
plans/selinux.fmf
Normal file
8
plans/selinux.fmf
Normal file
@ -0,0 +1,8 @@
|
||||
summary: selinux tests - Tier 1 | mcstrans
|
||||
discover:
|
||||
how: fmf
|
||||
url: https://src.fedoraproject.org/tests/selinux
|
||||
filter: "component:mcstrans"
|
||||
execute:
|
||||
how: tmt
|
||||
|
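Review bot: The `discover` step fetches tests from `https://src.fedoraproject.org/tests/selinux` with no `ref:`, so each run executes whatever the repository's default branch holds at that time. If reproducible gating results matter for this package, add `ref: <branch-or-commit>` under `url:`. If tracking the moving branch is intended, a comment such as `# tests follow the default branch of tests/selinux on purpose` would make that explicit.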
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (mcstrans-3.1.tar.gz) = 21e9b7a8c9d98cbee61f2eb1c440a51d19ac111a5955c24d365a8784e1aa34fb47a22a108e550c8a4cde4f25ec5afc466126a68e9faedfc796bef83eada93b60
|
||||
SHA512 (mcstrans-3.5.tar.gz) = f4d3b04750e197c6abd31f1642af4b53a4fe0e968952a7ade992909f903d7486c1e72733963453563fcbc9745273c8238f169f520550df1470e7f6e4d6e56665
|
||||
|