From: Jason Zaman <jason@perfinion.com>
To: selinux@vger.kernel.org
Subject: ANN: SELinux userspace 3.5-rc1 release
Date: Thu, 22 Dec 2022 16:26:44 -0800
Message-ID: <Y6T1xJm1nUeInWPL@anduin.perfinion.com>

Hello!

The 3.5-rc1 release for the SELinux userspace is now available at:

    https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my gpg key, see .asc files.
You can download the public key from
https://github.com/perfinion.gpg

Thanks to all the contributors, reviewers, testers and reporters!

With Kind Regards,

Jason Zaman

User-visible changes
--------------------

* Maintainer GPG fingerprints added to /SECURITY.md
* Remove dependency on the deprecated Python module distutils and install via pip
* semodule option --rebuild-if-modules-changed was renamed to --refresh
* Translation updated and better handling for unsupported languages
* fixfiles: Unmount temporary bind mounts on SIGINT
* sepolicy: Several python and GTK updates
* libsepol: Stricter policy validation
* A lot of static code analysis issues, fuzzer issues and compiler warnings fixed
* Bug fixes

Development-relevant changes
----------------------------

* ci: Run on Fedora36 instead of F34

Shortlog of the changes since 3.4 release
-----------------------------------------

Christian Göttsche (52):
      libselinux: declare return value of context_str(3) const
      semodule: avoid toctou on output module
      libselinux: simplify policy path logic to avoid uninitialized read
      libselinux: add header guard for internal header
      libselinux: introduce strlcpy
      libselinux: check for truncations
      libselinux: add man page redirections
      libselinux: enclose macro definition in parenthesis
      libselinux: name parameters in context.h
      libselinux: declare parameter of security_load_policy(3) const
      python/audit2allow: close file stream on error
      libsepol: fix validation of user declarations in modules
      checkpolicy: error out if required permission would exceed limit
      libselinux: restorecon: avoid printing NULL pointer
      libsepol: avoid potential NULL dereference on optional parameter
      libsepol/utils: improve wording
      libsepol: do not modify policy during write
      libselinux: set errno to EBADF on O_PATH emulation ENOENT failure
      libsepol: break circular include
      libsepol: include necessary headers in headers
      libsepol: enclose macro parameters and replacement lists in parentheses
      libsepol/tests: add ebitmap tests
      libsepol: add ebitmap_init_range
      libsepol/cil: use ebitmap_init_range
      libsepol: optimize ebitmap_not
      libsepol: optimize ebitmap_and
      libsepol: optimize ebitmap_xor
      libsepol: skip superfluous memset calls in ebitmap operations
      libsepol: rename validate_policydb to policydb_validate
      libsepol: support const avtab_t pointer in avtab_map()
      libsepol: operate on const pointers during validation
      libsepol: rename parameter name
      libsepol: more strict validation
      libsepol: refactor ebitmap conversion in link.c
      libselinux: avoid newline in avc message
      checkpolicy: use strict function prototype for definitions
      restorecond: use strict function prototype for definition
      ci: bump versions in GitHub Actions
      scripts/ci: use F36 image instead of F34
      scripts: ignore Flake8 tag E275
      Ignore egg-info directories and clean them
      libselinux: support objname in compute_create
      libsepol/cil: restore error on context rule conflicts
      libselinux: simplify string copying
      checkpolicy: simplify string copying
      libsepol: simplify string copying
      libselinux: drop set but not used internal variable
      libsepol/tests: use more strict compiler options
      libsepol/tests: add tests for neverallow assertions
      libselinux: make use of strndup
      libselinux: bail out on path truncations
      libselinux: filter arguments with path separators

Dominick Grift (1):
      secilc/doc: classmap is also allowed in permissionx

Elijah Conners (1):
      python: remove IOError in certain cases

James Carter (8):
      docs: Add GPG fingerprints
      python: Do not query the local database if the fcontext is non-local
      libselinux: Remove dependency on the Python module distutils
      libsemanage: Remove dependency on the Python module distutils
      python: Remove dependency on the Python module distutils
      scripts: Remove dependency on the Python module distutils
      README.md: Remove mention of python3-distutils dependency
      Revert "Use `pip install` instead of `setup.py install`"

Jason Zaman (3):
      libselinux: Ignore installed when installing python bindings to DESTDIR
      python: Ignore installed when installing to DESTDIR
      Update VERSIONs to 3.5-rc1 for release.

Jie Lu (3):
      libselinux: fix memory leaks on the audit2why module init
      libselinux: fix some memory issues in db_init
      libselinux:add check for malloc

Juraj Marcin (2):
      libsepol: fix missing double quotes in typetransition CIL rule
      checkpolicy: avoid passing NULL pointer to memset()

Matt Sheets (1):
      libsemanage: Allow user to set SYSCONFDIR

Nicolas Iooss (3):
      libselinux: do not return the cached prev_current value when using getpidcon()
      libsepol: initialize s in constraint_expr_eval_reason
      CircleCI: do not add Debian-specific parameter when invoking setup.py

Ondrej Mosnacek (2):
      libsemanage: always write kernel policy when check_ext_changes is specified
      semodule: rename --rebuild-if-modules-changed to --refresh

Paul Moore (3):
      docs: add Paul Moore's GPG fingerprint
      docs: provide a top level LICENSE file
      docs: update the README.md with a basic SELinux description

Petr Lautrbach (16):
      Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
      libsepol: Drop unused assignment
      gui: Fix export file chooser dialog
      sandbox: Do not try to remove tmpdir twice if uid == 0
      sandbox: Use temporary directory for XDG_RUNTIME_DIR
      python: Fix typo in audit2allow.1 example
      python/sepolicy: Fix sepolicy manpage -w ...
      python/sepolicy: Use distro module to get os version
      python/sepolicy: Simplify generation of man pages
      fixfiles: Unmount temporary bind mounts on SIGINT
      Fix E275 missing whitespace after keyword
      Use `pip install` instead of `setup.py install`
      sepolicy: Switch main selection menu to GtkPopover
      python: Fix detection of sepolicy.glade location
      sepolicy: Call os.makedirs() with exist_ok=True
      Use `pip install` instead of `setup.py install`

Thiébaud Weksteen (1):
      libselinux: ignore invalid class name lookup

Vit Mojzis (7):
      python: Split "semanage import" into two transactions
      gettext: handle unsupported languages properly
      Update translations
      python: Harden tools against "rogue" modules
      libselinux: Ignore missing directories when -i is used
      checkpolicy: Improve error message for type bounds
      libsemanage: Use more conscious language

bauen1 (2):
      secilc/docs: fix syntax highlighting
      secilc/docs: disable pandoc default css for html docs