* ANN: SELinux userspace 3.7
@ 2024-06-26 17:51 Petr Lautrbach
From: Petr Lautrbach @ 2024-06-26 17:51 UTC
To: selinux

Hello!

The 3.7 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my gpg key, see .asc files.
You can download the public key from
https://github.com/bachradsusi.gpg

Thanks to all the contributors, reviewers, testers and reporters!

User-visible changes
--------------------

* `audit2allow -C` for CIL output mode
* sepolgen: adjust parse for refpolicy
* semanage: Allow modifying records on "add"
* semanage: Do not sort local fcontext definitions
* Improved man pages
* checkpolicy: support CIDR notation for nodecon statements
* sandbox: Add support for Wayland
* Code improvements and bug fixes

Shortlog of the changes since 3.7 release
-----------------------------------------

Christian Göttsche (84):
      libselinux/man: mention errno for regex compilation failure
      libselinux/man: sync selinux_check_securetty_context(3)
      libselinux/utils: free allocated resources
      libselinux/utils: improve compute_av output
      libselinux: align SELABEL_OPT_DIGEST usage with man page
      libselinux: fail selabel_open(3) on invalid option
      libselinux: use logging wrapper in getseuser(3) and get_default_context(3) family
      libselinux: support huge passwd/group entries
      libsemanage: support huge passwd entries
      libselinux: enable usage with pedantic UB sanitizers
      setfiles: avoid unsigned integer underflow
      libsepol: reorder calloc(3) arguments
      libselinux: reorder calloc(3) arguments
      sandbox: do not override warning CFLAGS
      mcstrans: check memory allocations
      libselinux: use reentrant strtok_r(3)
      checkpolicy: add libfuzz based fuzzer
      checkpolicy: cleanup resources on parse error
      checkpolicy: cleanup identifiers on error
      checkpolicy: free ebitmap on error
      checkpolicy: check allocation and free memory on error at type definition
      checkpolicy: clean expression on error
      checkpolicy: call YYABORT on parse errors
      checkpolicy: bail out on invalid role
      libsepol: use typedef
      checkpolicy: provide more descriptive error messages
      checkpolicy: free temporary bounds type
      checkpolicy: avoid assigning garbage values
      checkpolicy: misc policy_define.c cleanup
      libsepol: ensure transitivity in compare functions
      libsepol/cil: ensure transitivity in compare functions
      mcstrans: ensure transitivity in compare functions
      sepolgen: adjust parse for refpolicy
      checkpolicy/fuzz: drop redundant notdefined check
      checkpolicy: clone level only once
      checkpolicy: return YYerror on invalid character
      libsepol: reject MLS support in pre-MLS policies
      checkpolicy/fuzz: scan Xen policies
      libselinux/utils/selabel_digest: drop unsupported option -d
      libselinux/utils/selabel_digest: cleanup
      libselinux/utils/selabel_digest: avoid buffer overflow
      libselinux: free data on selabel open failure
      libselinux/utils/selabel_digest: pass BASEONLY only for file backend
      libselinux: avoid logs in get_ordered_context_list() without policy
      checkpolicy: use YYerror only when available
      checkpolicy: handle unprintable token
      checkpolicy: free identifiers on invalid typebounds
      checkpolicy: update error diagnostic
      checkpolicy: include <ctype.h> for isprint(3)
      checkpolicy/fuzz: override YY_FATAL_ERROR
      libsepol: validate access vector permissions
      checkpolicy: drop never read member
      checkpolicy: drop union stack_item_u
      checkpolicy: free complete role_allow_rule on error
      libsepol: constify function pointer arrays
      libsepol: improve policy lookup failure message
      checkpolicy/tests: add test for splitting xperm rule
      checkpolicy: declare file local variable static
      checkpolicy: drop global policyvers variable
      github: bump Python and Ruby versions
      libsepol: validate class permissions
      libselinux/man: correct file extension of man pages
      libselinux/man: sync const qualifiers
      libselinux/man: use void in synopses
      libselinux/man: add format attribute for set_matchpathcon_printf(3)
      libselinux: constify selinux_set_mapping(3) parameter
      libsepol: reject self flag in type rules in old policies
      libsepol: only exempt gaps checking for kernel policies
      libsepol: validate type-attribute-map for old policies
      libsepol: include prefix for module policy versions
      checkpolicy: perform contiguous check in host byte order
      checkpolicy: support CIDR notation for nodecon statements
      libselinux: free empty scandir(3) result
      libselinux: avoid pointer dereference before check
      mcstrans: free constraint in error branch
      libsepol: hashtab: save one comparison on hit
      libsepol: move unchanged data out of loop
      libsepol: rework permission enabled check
      checkpolicy: reject duplicate nodecon statements
      libsepol: validate attribute-type maps
      tree-wide: fix misc typos
      libsepol: contify function pointer arrays
      libselinux: constify avc_open(3) parameter
      libsepol: check scope permissions refer to valid class

Fabrice Fontaine (1):
      libsepol/src/Makefile: fix reallocarray detection

James Carter (8):
      libselinux: Fix ordering of arguments to calloc
      libsepol: Use a dynamic buffer in sepol_av_to_string()
      checkpolicy, libsepol: Fix potential double free of mls_level_t
      checkpolicy/fuzz: Update check_level() to use notdefined field
      libsepol: Fix buffer overflow when using sepol_av_to_string()
      libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
      libsepol/cil: Check common perms when verifiying "all"
      libsepol: Do not reject all type rules in conditionals when validating

Petr Lautrbach (9):
      Update VERSIONs to 3.7-rc1 for release.
      sandbox: do not fail without xmodmap
      sandbox: do not run window manager if it's not a session
      seunshare: Add [ -P pipewiresocket ] [ -W waylandsocket ] options
      sandbox: Add support for Wayland
      Update VERSIONs to 3.7-rc2 for release.
      fixfiles: drop unnecessary \ line endings
      Update VERSIONs to 3.7-rc3 for release.
      Release 3.7

Topi Miettinen (1):
      audit2allow: CIL output mode

Vit Mojzis (3):
      python/semanage: Do not sort local fcontext definitions
      python/semanage: Allow modifying records on "add"
      libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)