* ANN: SELinux userspace 3.8-rc1 release
@ 2024-11-27 18:53 Petr Lautrbach
From: Petr Lautrbach @ 2024-11-27 18:53 UTC
To: SElinux list
Hello!

The 3.8-rc1 release for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my gpg key, see .asc files.
You can download the public key from
https://github.com/bachradsusi.gpg

Thanks to all the contributors, reviewers, testers and reporters!

If you miss something important not mentioned below, please let me
know.

User-visible changes
--------------------
* libsemanage: Preserve file context and ownership in policy store
* libselinux: deprecate security_disable(3)
* libsepol: Support nlmsg extended permissions
* libsepol: Add policy capability netlink_xperm
* libsemanage: Optionally allow duplicate declarations
* policycoreutils: introduce unsetfiles
* libselinux/utils: introduce selabel_compare
* improved selabel_lookup performance
* libselinux: support parallel usage of selabel_lookup(3)
* libsepol: add support for xperms in conditional policies
* Improved man pages
* Code improvements and bug fixes
Shortlog of the changes since 3.7 release
-----------------------------------------
Christian Göttsche (70):
      libselinux: deprecate security_disable(3)
      libselinux: avoid errno modification by fclose(3)
      selinux: free memory in error branch
      libsemanage: check for rewind(3) failure
      selinux: set missing errno in failure branch
      checkpolicy/fuzz: fix setjmp condition
      policycoreutils: introduce unsetfiles
      libselinux/utils: introduce selabel_compare
      libselinux: use more appropriate types in sidtab
      libselinux: add unique id to sidtab entries
      libselinux: sidtab updates
      libselinux: rework selabel_file(5) database
      libselinux: remove unused hashtab code
      libselinux: add selabel_file(5) fuzzer
      libselinux: support parallel selabel_lookup(3)
      checkpolicy: avoid memory leaks on redeclarations
      checkpolicy: avoid leak of identifier on required attribute
      libsepol: misc assertion cleanup
      libsepol: add support for xperms in conditional policies
      checkpolicy: add support for xperms in conditional policies
      libsepol/cil: add support for xperms in conditional policies
      libsepol: indent printed allow rule on assertion failure
      libsepol/tests: add cond xperm neverallow tests
      libsemanage: white space cleanup
      libsemanage: fix typo
      libsemanage: drop unused macro
      libsemanage: drop dead assignments
      libsemanage: drop dead variable
      libsemanage: drop unnecessary declarations
      libsemanage: drop unnecessary return statements
      libsemanage: drop duplicate include
      libsemanage: drop const from function declaration
      libsemanage: check memory allocations
      libsemanage: use unlink on non directory
      libsemanage: free resources on failed connect attempt
      libsemanage: declare file local function tables static
      libsemanage: avoid const dropping casts
      libsemanage: cast to unsigned char for character checking functions
      libsemanage: drop casts to same type
      libsemanage: fix asprintf error branch
      libsemanage: avoid leak on realloc failure
      libsemanage: use strtok_r for thread safety
      libsemanage: free ibdev names in semanage_ibendport_validate_local()
      libsemanage: simplify malloc plus strcpy via strndup
      libsemanage: check for path formatting failures
      libsemanage: introduce write_full wrapper
      libsemanage: more strict value parsing
      libsemanage: constify function pointer structures
      libsemanage: simplify loop exit
      libsemanage: constify read only parameters and variables
      libsemanage: avoid misc function pointer casts
      libsemanage: adjust sizes to avoid implicit truncations
      libsemanage: use asprintf(3) to simplify code
      libsemanage: use size_t for hash input sizes
      libsemanage: drop macros used once
      libsemanage: drop dead code
      libsemanage: preserve errno during internal logging
      libsemanage: avoid strerror(3)
      libsemanage: avoid writing directly to stderr
      libsemanage: skip sort of empty arrays
      libsemanage/tests: misc cleanup
      libsemanage: set O_CLOEXEC flag for file descriptors
      libsemanage: handle cil_set_handle_unknown() failure
      libsemanage: handle shell allocation failure
      libsemanage: drop duplicate newlines and error descriptions in error messages
      libsemanage: check closing written files
      libsemanage: simplify file deletion
      libsemanage: optimize policy by default
      libsemanage/man: add documentation for command overrides
      libsemanage: respect shell paths with /usr prefix

Dmitry Sharshakov (2):
      sepolgen: initialize gen_cil
      policygen: respect CIL option when generating comments

Fabian Vogt (2):
      restorecond: Set GLib IO channels to binary mode
      restorecond: Set GLib IO channels to nonblocking

James Carter (7):
      checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix
      libselinux: Fix integer comparison issues when compiling for 32-bit
      libsepol/cil: Allow dotted names in aliasactual rules
      checkpolicy: Fix MLS users in optional blocks
      libsepol/cil: Optionally allow duplicate role declarations
      libsemanage: Optionally allow duplicate declarations
      libsepol: Remove special handling of roles in module_to_cil.c

Petr Lautrbach (6):
      libselinux: set free'd data to NULL
      libselinux: fix swig bindings for 4.3.0
      libsemanage: fix swig bindings for 4.3.0
      libsemanage: open lock_file with O_RDWR
      fixfiles: use `grep -F` when search in mounts
      Update VERSIONs to 3.8-rc1 for release.

Stephen Smalley (1):
      libselinux: formally deprecate security_compute_user()

Thiébaud Weksteen (5):
      libsepol: Rename ioctl xperms structures and functions
      libsepol: Support nlmsg extended permissions
      libsepol: Add policy capability netlink_xperm
      libselinux: rename hashtab functions
      libsepol: Support nlmsg xperms in assertions

Vit Mojzis (11):
      libselinux/restorecon: Include <selinux/label.h>
      libsemanage: Preserve file context and ownership in policy store
      libsepol/sepol_compute_sid: Do not destroy uninitialized context
      libsepol/cil: Check that sym_index is within bounds
      libsepol/cil: Initialize avtab_datum on declaration
      libsepol/mls: Do not destroy context on memory error
      libsepol/cil/cil_post: Initialize tmp on declaration
      libsepol: Initialize "strs" on declaration
      libselinux/setexecfilecon: Remove useless rc check
      libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
      libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()