From: Petr Lautrbach <lautrbach@redhat.com>
To: SElinux list <selinux@vger.kernel.org>
Subject: ANN: SELinux userspace 3.8-rc1 release
Date: Wed, 27 Nov 2024 19:53:21 +0100
Message-ID: <87mshkv78e.fsf@redhat.com>

Hello!

The 3.8-rc1 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my gpg key, see .asc files.
You can download the public key from
https://github.com/bachradsusi.gpg

Thanks to all the contributors, reviewers, testers and reporters!

If you miss something important not mentioned below, please let me
know.

User-visible changes
--------------------

* libsemanage: Preserve file context and ownership in policy store

* libselinux: deprecate security_disable(3)

* libsepol: Support nlmsg extended permissions
 
* libsepol: Add policy capability netlink_xperm

* libsemanage: Optionally allow duplicate declarations

* policycoreutils: introduce unsetfiles

* libselinux/utils: introduce selabel_compare

* improved selabel_lookup performance

* libselinux: support parallel usage of selabel_lookup(3)

* libsepol: add support for xperms in conditional policies

* Improved man pages

* Code improvements and bug fixes

Shortlog of the changes since 3.7 release
-----------------------------------------
Christian Göttsche (70):
      libselinux: deprecate security_disable(3)
      libselinux: avoid errno modification by fclose(3)
      selinux: free memory in error branch
      libsemanage: check for rewind(3) failure
      selinux: set missing errno in failure branch
      checkpolicy/fuzz: fix setjmp condition
      policycoreutils: introduce unsetfiles
      libselinux/utils: introduce selabel_compare
      libselinux: use more appropriate types in sidtab
      libselinux: add unique id to sidtab entries
      libselinux: sidtab updates
      libselinux: rework selabel_file(5) database
      libselinux: remove unused hashtab code
      libselinux: add selabel_file(5) fuzzer
      libselinux: support parallel selabel_lookup(3)
      checkpolicy: avoid memory leaks on redeclarations
      checkpolicy: avoid leak of identifier on required attribute
      libsepol: misc assertion cleanup
      libsepol: add support for xperms in conditional policies
      checkpolicy: add support for xperms in conditional policies
      libsepol/cil: add support for xperms in conditional policies
      libsepol: indent printed allow rule on assertion failure
      libsepol/tests: add cond xperm neverallow tests
      libsemanage: white space cleanup
      libsemanage: fix typo
      libsemanage: drop unused macro
      libsemanage: drop dead assignments
      libsemanage: drop dead variable
      libsemanage: drop unnecessary declarations
      libsemanage: drop unnecessary return statements
      libsemanage: drop duplicate include
      libsemanage: drop const from function declaration
      libsemanage: check memory allocations
      libsemanage: use unlink on non directory
      libsemanage: free resources on failed connect attempt
      libsemanage: declare file local function tables static
      libsemanage: avoid const dropping casts
      libsemanage: cast to unsigned char for character checking functions
      libsemanage: drop casts to same type
      libsemanage: fix asprintf error branch
      libsemanage: avoid leak on realloc failure
      libsemanage: use strtok_r for thread safety
      libsemanage: free ibdev names in semanage_ibendport_validate_local()
      libsemanage: simplify malloc plus strcpy via strndup
      libsemanage: check for path formatting failures
      libsemanage: introduce write_full wrapper
      libsemanage: more strict value parsing
      libsemanage: constify function pointer structures
      libsemanage: simplify loop exit
      libsemanage: constify read only parameters and variables
      libsemanage: avoid misc function pointer casts
      libsemanage: adjust sizes to avoid implicit truncations
      libsemanage: use asprintf(3) to simplify code
      libsemanage: use size_t for hash input sizes
      libsemanage: drop macros used once
      libsemanage: drop dead code
      libsemanage: preserve errno during internal logging
      libsemanage: avoid strerror(3)
      libsemanage: avoid writing directly to stderr
      libsemanage: skip sort of empty arrays
      libsemanage/tests: misc cleanup
      libsemanage: set O_CLOEXEC flag for file descriptors
      libsemanage: handle cil_set_handle_unknown() failure
      libsemanage: handle shell allocation failure
      libsemanage: drop duplicate newlines and error descriptions in error messages
      libsemanage: check closing written files
      libsemanage: simplify file deletion
      libsemanage: optimize policy by default
      libsemanage/man: add documentation for command overrides
      libsemanage: respect shell paths with /usr prefix

Dmitry Sharshakov (2):
      sepolgen: initialize gen_cil
      policygen: respect CIL option when generating comments

Fabian Vogt (2):
      restorecond: Set GLib IO channels to binary mode
      restorecond: Set GLib IO channels to nonblocking

James Carter (7):
      checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix
      libselinux: Fix integer comparison issues when compiling for 32-bit
      libsepol/cil: Allow dotted names in aliasactual rules
      checkpolicy: Fix MLS users in optional blocks
      libsepol/cil: Optionally allow duplicate role declarations
      libsemanage: Optionally allow duplicate declarations
      libsepol: Remove special handling of roles in module_to_cil.c

Petr Lautrbach (6):
      libselinux: set free'd data to NULL
      libselinux: fix swig bindings for 4.3.0
      libsemanage: fix swig bindings for 4.3.0
      libsemanage: open lock_file with O_RDWR
      fixfiles: use `grep -F` when search in mounts
      Update VERSIONs to 3.8-rc1 for release.

Stephen Smalley (1):
      libselinux: formally deprecate security_compute_user()

Thiébaud Weksteen (5):
      libsepol: Rename ioctl xperms structures and functions
      libsepol: Support nlmsg extended permissions
      libsepol: Add policy capability netlink_xperm
      libselinux: rename hashtab functions
      libsepol: Support nlmsg xperms in assertions

Vit Mojzis (11):
      libselinux/restorecon: Include <selinux/label.h>
      libsemanage: Preserve file context and ownership in policy store
      libsepol/sepol_compute_sid: Do not destroy uninitialized context
      libsepol/cil: Check that sym_index is within bounds
      libsepol/cil: Initialize avtab_datum on declaration
      libsepol/mls: Do not destroy context on memory error
      libsepol/cil/cil_post: Initialize tmp on declaration
      libsepol: Initialize "strs" on declaration
      libselinux/setexecfilecon: Remove useless rc check
      libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
      libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()

