From patchwork Sat Mar 6 18:28:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1448483 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=kPbzg1Ts; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=BJsClmS8; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DtCpF6tcLz9sWS for ; Sun, 7 Mar 2021 05:30:29 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pxf4gkZZ1TZNhtc68V/pUPpmjWYoeXsw18AleC1bLow=; b=kPbzg1TsF2LAv/YXWPYAa06yl ZB6xqFVegqSnW7mUinVBRFvg32CfgHyZaE30kGAPXfPwvDHkmiAtzuWjd7ZwpYHqVUUnhShINaqfi eaNrkFZL8scZ7wfGVWRKZTkRHKVFdX4sL8doGU/iNAXfQ/JWwxqJYg91SNSFQmSApqlOihWV7gEGb SN8HUcVL2qX6MI5QQ06Hzb7HwE/mrEsRrF94oO/0KQ7Clf0mH2eGP0aZweTPy5bxQAYsXQ4DBlhTw aD+Q2/qDMj3rI7FAXJEpvAiAHj71u9u8vXXWa2a4sFxl0kbX192UgNABKLq0wlo6Hn8Dgc0qvGSrI QIFRYF2zw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfp-004AvT-T3; Sat, 06 Mar 2021 18:29:11 +0000 Received: from agnus.defensec.nl ([2001:985:d55d::711]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfE-004Ae0-BQ for openwrt-devel@lists.openwrt.org; Sat, 06 Mar 2021 18:28:37 +0000 Received: from brutus.. (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id 96CE52A12E8; Sat, 6 Mar 2021 19:28:29 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 96CE52A12E8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1615055309; bh=SMX8v+SC7GcBDUmYTnbHXJA3fU8s8+RPb/P9C76147s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BJsClmS8DS7LrK9MVjGcvFJlMGvIwU/9hW5YUA1OoYNocJUhgCkvcRnKs3TKLQOc/ slJZHopVNZzrziRs2NDtCgNWogQzaLRTLLRGAt7tteXnvqdKcg6QGS7X+xCpXYQ0lt Zb8ILvfGMY0QSGrKpQ0gOaG7L15CTOa4mPcheiVo= From: Dominick Grift To: openwrt-devel@lists.openwrt.org Cc: Dominick Grift Subject: [PATCH 1/6 V3] libsepol: update to version 3.2 Date: Sat, 6 Mar 2021 19:28:18 +0100 Message-Id: <20210306182823.316374-2-dominick.grift@defensec.nl> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210306182823.316374-1-dominick.grift@defensec.nl> References: <20210306182823.316374-1-dominick.grift@defensec.nl> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210306_182833_337681_F83FA51C X-CRM114-Status: GOOD ( 10.14 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assign [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf 0861c659 libsepol: Validate policydb values when reading binary policy 8f5409cf libsepol: Create function ebitmap_highest_set_bit() 0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete 32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast 4662bdc1 libsepol/cil: be more robust when encountering 6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument 0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks 1b36ace2 libsepol: include header files in source files when matching declarations 1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check 72a88d75 libsepol: remove unused files eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit 1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values() 5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums 34bd9a9d libsepol: destroy filename_trans list properly bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails 228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit a25d9104 libsepol/cil: constify some strings e2d01842 libsepol/cil: propagate failure of cil_fill_list() 6c8fca10 libsepol/cil: do not add a stack variable to a list 38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias 3c357285 libsepol/cil: remove useless print statement 90809674 libsepol/cil: always destroy the lexer state d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible 2aac859a libsepol/cil: Use the macro NODE() whenever possible d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases() 9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node() ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_* 89dab467 libsepol: free memory when realloc() fails 2d353bd5 libsepol/cil: Give error for more than one true or false block 4a142ac4 libsepol: Bump libsepol.so version 506c7b95 libsepol: Drop deprecated functions ae58e84b libsepol: Get rid of the old and duplicated symbols c97d63c6 libsepol: silence potential NULL pointer dereference warning 64387cb3 libsepol: drop confusing BUG_ON macro 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 a152653b libsepol/cil: Fix neverallow checking involving classmaps 734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy 685f577a libsepol/cil: Validate constraint expressions before adding to binary policy 8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift --- Changes in V3: no changes package/libs/libsepol/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile index 8ceb7164a7..c7950a9ba0 100644 --- a/package/libs/libsepol/Makefile +++ b/package/libs/libsepol/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libsepol -PKG_VERSION:=3.1 +PKG_VERSION:=3.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 -PKG_HASH:=ae6778d01443fdd38cd30eeee846494e19f4d407b09872580372f4aa4bf8a3cc +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2 +PKG_HASH:=dfc7f662af8000116e56a01de6a0394ed79be1b34b999e551346233c5dd19508 PKG_MAINTAINER:=Thomas Petazzoni