ANN: SELinux userspace 3.7-rc1 release

All of lore.kernel.org
 help / color / mirror / Atom feed

* ANN: SELinux userspace 3.7-rc1 release
@ 2024-05-22 17:35 Petr Lautrbach
  0 siblings, 0 replies; only message in thread
From: Petr Lautrbach @ 2024-05-22 17:35 UTC (permalink / raw)
  To: selinux

Hello!

The 3.7-rc1 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my gpg key, see .asc files.
You can download the public key from
https://github.com/bachradsusi.gpg

Thanks to all the contributors, reviewers, testers and reporters!

If you miss something important not mentioned bellow, please let me know.

User-visible changes
--------------------

* `audit2allow -C` for CIL output mode

* sepolgen: adjust parse for refpolicy

* semanage: Allow modifying records on "add"

* semanage: Do not sort local fcontext definitions

* Improved man pages

* Code improvements and bug fixes

Shortlog of the changes since 3.6 release
-----------------------------------------
Christian Göttsche (66):
      libselinux/man: mention errno for regex compilation failure
      libselinux/man: sync selinux_check_securetty_context(3)
      libselinux/utils: free allocated resources
      libselinux/utils: improve compute_av output
      libselinux: align SELABEL_OPT_DIGEST usage with man page
      libselinux: fail selabel_open(3) on invalid option
      libselinux: use logging wrapper in getseuser(3) and get_default_context(3) family
      libselinux: support huge passwd/group entries
      libsemanage: support huge passwd entries
      libselinux: enable usage with pedantic UB sanitizers
      setfiles: avoid unsigned integer underflow
      libsepol: reorder calloc(3) arguments
      libselinux: reorder calloc(3) arguments
      sandbox: do not override warning CFLAGS
      mcstrans: check memory allocations
      libselinux: use reentrant strtok_r(3)
      checkpolicy: add libfuzz based fuzzer
      checkpolicy: cleanup resources on parse error
      checkpolicy: cleanup identifiers on error
      checkpolicy: free ebitmap on error
      checkpolicy: check allocation and free memory on error at type definition
      checkpolicy: clean expression on error
      checkpolicy: call YYABORT on parse errors
      checkpolicy: bail out on invalid role
      libsepol: use typedef
      checkpolicy: provide more descriptive error messages
      checkpolicy: free temporary bounds type
      checkpolicy: avoid assigning garbage values
      checkpolicy: misc policy_define.c cleanup
      libsepol: ensure transitivity in compare functions
      libsepol/cil: ensure transitivity in compare functions
      mcstrans: ensure transitivity in compare functions
      sepolgen: adjust parse for refpolicy
      checkpolicy/fuzz: drop redundant notdefined check
      checkpolicy: clone level only once
      checkpolicy: return YYerror on invalid character
      libsepol: reject MLS support in pre-MLS policies
      checkpolicy/fuzz: scan Xen policies
      libselinux/utils/selabel_digest: drop unsupported option -d
      libselinux/utils/selabel_digest: cleanup
      libselinux/utils/selabel_digest: avoid buffer overflow
      libselinux: free data on selabel open failure
      libselinux/utils/selabel_digest: pass BASEONLY only for file backend
      libselinux: avoid logs in get_ordered_context_list() without policy
      checkpolicy: use YYerror only when available
      checkpolicy: handle unprintable token
      checkpolicy: free identifiers on invalid typebounds
      checkpolicy: update error diagnostic
      checkpolicy: include <ctype.h> for isprint(3)
      checkpolicy/fuzz: override YY_FATAL_ERROR
      libsepol: validate access vector permissions
      checkpolicy: drop never read member
      checkpolicy: drop union stack_item_u
      checkpolicy: free complete role_allow_rule on error
      libsepol: constify function pointer arrays
      libsepol: improve policy lookup failure message
      checkpolicy/tests: add test for splitting xperm rule
      checkpolicy: declare file local variable static
      checkpolicy: drop global policyvers variable
      github: bump Python and Ruby versions
      libsepol: validate class permissions
      libselinux/man: correct file extension of man pages
      libselinux/man: sync const qualifiers
      libselinux/man: use void in synopses
      libselinux/man: add format attribute for set_matchpathcon_printf(3)
      libselinux: constify selinux_set_mapping(3) parameter

Fabrice Fontaine (1):
      libsepol/src/Makefile: fix reallocarray detection

James Carter (7):
      libselinux: Fix ordering of arguments to calloc
      libsepol: Use a dynamic buffer in sepol_av_to_string()
      checkpolicy, libsepol: Fix potential double free of mls_level_t
      checkpolicy/fuzz: Update check_level() to use notdefined field
      libsepol: Fix buffer overflow when using sepol_av_to_string()
      libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
      libsepol/cil: Check common perms when verifiying "all"

Petr Lautrbach (1):
      Update VERSIONs to 3.7-rc1 for release.

Topi Miettinen (1):
      audit2allow: CIL output mode

Vit Mojzis (3):
      python/semanage: Do not sort local fcontext definitions
      python/semanage: Allow modifying records on "add"
      libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2024-05-22 17:35 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-22 17:35 ANN: SELinux userspace 3.7-rc1 release Petr Lautrbach

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.