* ANN: SELinux userspace 3.5-rc1 release
@ 2022-12-23  0:26 Jason Zaman
  0 siblings, 0 replies; only message in thread
From: Jason Zaman @ 2022-12-23  0:26 UTC (permalink / raw)
  To: selinux

Hello!

The 3.5-rc1 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my GPG key; see the .asc files.
You can download the public key from
https://github.com/perfinion.gpg

Thanks to all the contributors, reviewers, testers and reporters!

With Kind Regards,
Jason Zaman

User-visible changes
--------------------

* Maintainer GPG fingerprints added to /SECURITY.md

* Remove dependency on the deprecated Python module distutils and install via pip

* semodule option --rebuild-if-modules-changed was renamed to --refresh

* Translation updated and better handling for unsupported languages

* fixfiles: Unmount temporary bind mounts on SIGINT

* sepolicy: Several python and GTK updates

* libsepol: Stricter policy validation

* A lot of static code analysis issues, fuzzer issues and compiler warnings fixed

* Bug fixes

Development-relevant changes
----------------------------

* ci: Run on Fedora36 instead of F34


Shortlog of the changes since 3.4 release
-----------------------------------------

Christian Göttsche (52):
      libselinux: declare return value of context_str(3) const
      semodule: avoid toctou on output module
      libselinux: simplify policy path logic to avoid uninitialized read
      libselinux: add header guard for internal header
      libselinux: introduce strlcpy
      libselinux: check for truncations
      libselinux: add man page redirections
      libselinux: enclose macro definition in parenthesis
      libselinux: name parameters in context.h
      libselinux: declare parameter of security_load_policy(3) const
      python/audit2allow: close file stream on error
      libsepol: fix validation of user declarations in modules
      checkpolicy: error out if required permission would exceed limit
      libselinux: restorecon: avoid printing NULL pointer
      libsepol: avoid potential NULL dereference on optional parameter
      libsepol/utils: improve wording
      libsepol: do not modify policy during write
      libselinux: set errno to EBADF on O_PATH emulation ENOENT failure
      libsepol: break circular include
      libsepol: include necessary headers in headers
      libsepol: enclose macro parameters and replacement lists in parentheses
      libsepol/tests: add ebitmap tests
      libsepol: add ebitmap_init_range
      libsepol/cil: use ebitmap_init_range
      libsepol: optimize ebitmap_not
      libsepol: optimize ebitmap_and
      libsepol: optimize ebitmap_xor
      libsepol: skip superfluous memset calls in ebitmap operations
      libsepol: rename validate_policydb to policydb_validate
      libsepol: support const avtab_t pointer in avtab_map()
      libsepol: operate on const pointers during validation
      libsepol: rename parameter name
      libsepol: more strict validation
      libsepol: refactor ebitmap conversion in link.c
      libselinux: avoid newline in avc message
      checkpolicy: use strict function prototype for definitions
      restorecond: use strict function prototype for definition
      ci: bump versions in GitHub Actions
      scripts/ci: use F36 image instead of F34
      scripts: ignore Flake8 tag E275
      Ignore egg-info directories and clean them
      libselinux: support objname in compute_create
      libsepol/cil: restore error on context rule conflicts
      libselinux: simplify string copying
      checkpolicy: simplify string copying
      libsepol: simplify string copying
      libselinux: drop set but not used internal variable
      libsepol/tests: use more strict compiler options
      libsepol/tests: add tests for neverallow assertions
      libselinux: make use of strndup
      libselinux: bail out on path truncations
      libselinux: filter arguments with path separators

Dominick Grift (1):
      secilc/doc: classmap is also allowed in permissionx

Elijah Conners (1):
      python: remove IOError in certain cases

James Carter (8):
      docs: Add GPG fingerprints
      python: Do not query the local database if the fcontext is non-local
      libselinux: Remove dependency on the Python module distutils
      libsemanage: Remove dependency on the Python module distutils
      python: Remove dependency on the Python module distutils
      scripts: Remove dependency on the Python module distutils
      README.md: Remove mention of python3-distutils dependency
      Revert "Use `pip install` instead of `setup.py install`"

Jason Zaman (3):
      libselinux: Ignore installed when installing python bindings to DESTDIR
      python: Ignore installed when installing to DESTDIR
      Update VERSIONs to 3.5-rc1 for release.

Jie Lu (3):
      libselinux: fix memory leaks on the audit2why module init
      libselinux: fix some memory issues in db_init
      libselinux:add check for malloc

Juraj Marcin (2):
      libsepol: fix missing double quotes in typetransition CIL rule
      checkpolicy: avoid passing NULL pointer to memset()

Matt Sheets (1):
      libsemanage: Allow user to set SYSCONFDIR

Nicolas Iooss (3):
      libselinux: do not return the cached prev_current value when using getpidcon()
      libsepol: initialize s in constraint_expr_eval_reason
      CircleCI: do not add Debian-specific parameter when invoking setup.py

Ondrej Mosnacek (2):
      libsemanage: always write kernel policy when check_ext_changes is specified
      semodule: rename --rebuild-if-modules-changed to --refresh

Paul Moore (3):
      docs: add Paul Moore's GPG fingerprint
      docs: provide a top level LICENSE file
      docs: update the README.md with a basic SELinux description

Petr Lautrbach (16):
      Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
      libsepol: Drop unused assignment
      gui: Fix export file chooser dialog
      sandbox: Do not try to remove tmpdir twice if uid == 0
      sandbox: Use temporary directory for XDG_RUNTIME_DIR
      python: Fix typo in audit2allow.1 example
      python/sepolicy: Fix sepolicy manpage -w ...
      python/sepolicy: Use distro module to get os version
      python/sepolicy: Simplify generation of man pages
      fixfiles: Unmount temporary bind mounts on SIGINT
      Fix E275 missing whitespace after keyword
      Use `pip install` instead of `setup.py install`
      sepolicy: Switch main selection menu to GtkPopover
      python: Fix detection of sepolicy.glade location
      sepolicy: Call os.makedirs() with exist_ok=True
      Use `pip install` instead of `setup.py install`

Thiébaud Weksteen (1):
      libselinux: ignore invalid class name lookup

Vit Mojzis (7):
      python: Split "semanage import" into two transactions
      gettext: handle unsupported languages properly
      Update translations
      python: Harden tools against "rogue" modules
      libselinux: Ignore missing directories when -i is used
      checkpolicy: Improve error message for type bounds
      libsemanage: Use more conscious language

bauen1 (2):
      secilc/docs: fix syntax highlighting
      secilc/docs: disable pandoc default css for html docs


