ANN: SELinux userspace 3.11-rc2 release

ANN: SELinux userspace 3.11-rc2 release

[Petr Lautrbach]

Hello!

The 3.11-rc2 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/releases/tag/3.11-rc2
https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my gpg key, see .asc files.
You can download the public key from
https://github.com/bachradsusi.gpg

Thanks to all the contributors, reviewers, testers and reporters!

If you miss something important not mentioned bellow, please let me
know.

User-visible changes since 3.11-rc1
-----------------------------------

- Bug fixes

Development-relevant changes
----------------------------

- Improved ci and refactored ci build into a custom GH action
- libselinux and python use system Python3 build module

Shortlog of the changes since 3.11-rc1 release
----------------------------------------------
Cathy Hu (1):
      libsemanage: avoid "all" as requirement for SWIGSO/SWIGRUBYSO (bsc#1266385)

Chris PeBenito (3):
      ci: Refactor build into a custom GH action.
      ci: Explicitly set bash shell in build-userspace action
      ci: Add additional output grouping in build-userspace action.

Christian Göttsche (16):
      Makefile: support custom clang-format binary
      libselinux: bounds-check serialized regex length before PCRE2 decode
      libselinux: reject invalid file_kind in compiled fcontext loader
      libselinux: avoid out-of-bounds read on empty failsafe_context line
      libselinux: validate netlink message length before accessing payload
      libselinux: use size_t for index
      libselinux: drop trailing returns
      sandbox: drop unused macro
      policycoreutils: declare local variables static
      policycoreutils: drop unused macros
      restorecond: declare local variables static
      mcstrans: check context_range_set(3) for failure
      secon: check selinux_raw_to_trans_context(3) for failure
      restorecond: warn on selinux_restorecon(3) failure
      restorecond: drop unused macros and variables
      Consistently use NULL as pointer constant

Cristian Rodríguez (1):
      libselinux: Do not clobber errno of the world

Fabrice Fontaine (1):
      libselinux/src/se_linux_internal.c: include stdint.h

James Carter (8):
      secilc/secilcheck: Exit with an error for an assertion violation
      Have clang-format ignore auto-generated files
      libsepol/cil: Fix type confusion when writing policy.conf from CIL
      secilc/secilcheck: Remove extra sepol_policydb_free(pdb)
      libsepol/cil: Add check for too large of file size
      secilc/secil2tree: Test for stdout rather than stdin
      libsepol: Ensure dst gets set when copying range transitions
      libsepol/cil: Need to add to the length rather assigning it

Marcos Freitas de Morais (1):
      secilc/docs: Adjusted correct statement keyword

Pepper Gray (1):
      add test for fts_* availability

Petr Lautrbach (4):
      ci: install necessary build python module
      libselinux,python: Use system Python3 build module
      Add check_format Github CI job
      Update VERSIONs to 3.11-rc2 for release.

Rahul Sandhu (1):
      libsepol: cil_resolve_ast: add in a CIL_SRC_INFO for the copied data

Renato Caldas (1):
      libselinux: restore: drop the obsolete LSF transitional API.

Robert Frohl (1):
      sandbox/sandbox: fix saving file changes

Sergei Trofimovich (1):
      libselinux: drop long deprecated `-Wstrict-overflow=5` flag

Stephen Smalley (29):
      restorecond: avoid busy-loop when watch list is empty
      libselinux: selinux_restorecon: add flag to skip multilink files
      restorecond: Use new SELINUX_RESTORECON_SKIP_MULTILINK flag
      restorecond: pin watched directories
      mcstrans: fix UAF on SIGHUP
      mcstrans: handle NULL domain
      mcstrans: mcscolor: handle NULL my_context
      mcstrans: cap max clients
      mcstrans: set receive timeout on accepted client sockets
      mcstrans: cap the per-domain translation cache
      libsemanage: fix OOB cleanup in semanage_direct_list()
      libselinux: serialize legacy compat_validate() callbacks
      libselinux: fix selinux_status_updated() for MAP_FAILED case
      libselinux: restorecon_xattr: clear dir_xattr_* after freeing
      libselinux: selabel_close: only call func_close if set
      libselinux: audit2why: clear static variables on init failure
      libsemanage: genhomdircon: handle NULL bsearch() in get_users()
      libselinux: label: ensure specfile_list is NULL-terminated
      mcstrans: fix glob() error checking
      restorecond: fix glob() error checking
      restorecond: avoid clobbering last character of config line
      restorecond: delete unused code
      libselinux: fix REQUIRESEUSERS true/false handling
      libsemanage: genhomedircon: fix STR_COMPARATOR() passed to lfind()
      checkpolicy: drop fscon statement support
      libsemanage: bunzip: guard against size overflow
      libselinux: label_backends_android: fix non-anti-symmetric cmp function
      libselinux: label_file: prevent num_specs overflow
      libselinux: digest_gen_hash(): reduce the chunk size for Sha1Update() calls

Yi Zhao (1):
      sepolicy: set conf.substitutions['releasever'] to empty str when releasever is None

netliomax25-code (2):
      sestatus: null-terminate process and file check entries
      libselinux: avoid out-of-bounds access on zero-length lines