From patchwork Sat Mar 6 18:28:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1448483 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=kPbzg1Ts; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=BJsClmS8; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DtCpF6tcLz9sWS for ; Sun, 7 Mar 2021 05:30:29 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pxf4gkZZ1TZNhtc68V/pUPpmjWYoeXsw18AleC1bLow=; b=kPbzg1TsF2LAv/YXWPYAa06yl ZB6xqFVegqSnW7mUinVBRFvg32CfgHyZaE30kGAPXfPwvDHkmiAtzuWjd7ZwpYHqVUUnhShINaqfi eaNrkFZL8scZ7wfGVWRKZTkRHKVFdX4sL8doGU/iNAXfQ/JWwxqJYg91SNSFQmSApqlOihWV7gEGb SN8HUcVL2qX6MI5QQ06Hzb7HwE/mrEsRrF94oO/0KQ7Clf0mH2eGP0aZweTPy5bxQAYsXQ4DBlhTw aD+Q2/qDMj3rI7FAXJEpvAiAHj71u9u8vXXWa2a4sFxl0kbX192UgNABKLq0wlo6Hn8Dgc0qvGSrI QIFRYF2zw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfp-004AvT-T3; Sat, 06 Mar 2021 18:29:11 +0000 Received: from agnus.defensec.nl ([2001:985:d55d::711]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfE-004Ae0-BQ for openwrt-devel@lists.openwrt.org; Sat, 06 Mar 2021 18:28:37 +0000 Received: from brutus.. (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id 96CE52A12E8; Sat, 6 Mar 2021 19:28:29 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 96CE52A12E8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1615055309; bh=SMX8v+SC7GcBDUmYTnbHXJA3fU8s8+RPb/P9C76147s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BJsClmS8DS7LrK9MVjGcvFJlMGvIwU/9hW5YUA1OoYNocJUhgCkvcRnKs3TKLQOc/ slJZHopVNZzrziRs2NDtCgNWogQzaLRTLLRGAt7tteXnvqdKcg6QGS7X+xCpXYQ0lt Zb8ILvfGMY0QSGrKpQ0gOaG7L15CTOa4mPcheiVo= From: Dominick Grift To: openwrt-devel@lists.openwrt.org Cc: Dominick Grift Subject: [PATCH 1/6 V3] libsepol: update to version 3.2 Date: Sat, 6 Mar 2021 19:28:18 +0100 Message-Id: <20210306182823.316374-2-dominick.grift@defensec.nl> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210306182823.316374-1-dominick.grift@defensec.nl> References: <20210306182823.316374-1-dominick.grift@defensec.nl> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210306_182833_337681_F83FA51C X-CRM114-Status: GOOD ( 10.14 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assign [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf 0861c659 libsepol: Validate policydb values when reading binary policy 8f5409cf libsepol: Create function ebitmap_highest_set_bit() 0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete 32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast 4662bdc1 libsepol/cil: be more robust when encountering 6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument 0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks 1b36ace2 libsepol: include header files in source files when matching declarations 1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check 72a88d75 libsepol: remove unused files eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit 1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values() 5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums 34bd9a9d libsepol: destroy filename_trans list properly bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails 228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit a25d9104 libsepol/cil: constify some strings e2d01842 libsepol/cil: propagate failure of cil_fill_list() 6c8fca10 libsepol/cil: do not add a stack variable to a list 38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias 3c357285 libsepol/cil: remove useless print statement 90809674 libsepol/cil: always destroy the lexer state d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible 2aac859a libsepol/cil: Use the macro NODE() whenever possible d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases() 9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node() ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_* 89dab467 libsepol: free memory when realloc() fails 2d353bd5 libsepol/cil: Give error for more than one true or false block 4a142ac4 libsepol: Bump libsepol.so version 506c7b95 libsepol: Drop deprecated functions ae58e84b libsepol: Get rid of the old and duplicated symbols c97d63c6 libsepol: silence potential NULL pointer dereference warning 64387cb3 libsepol: drop confusing BUG_ON macro 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 a152653b libsepol/cil: Fix neverallow checking involving classmaps 734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy 685f577a libsepol/cil: Validate constraint expressions before adding to binary policy 8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift --- Changes in V3: no changes package/libs/libsepol/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile index 8ceb7164a7..c7950a9ba0 100644 --- a/package/libs/libsepol/Makefile +++ b/package/libs/libsepol/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libsepol -PKG_VERSION:=3.1 +PKG_VERSION:=3.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 -PKG_HASH:=ae6778d01443fdd38cd30eeee846494e19f4d407b09872580372f4aa4bf8a3cc +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2 +PKG_HASH:=dfc7f662af8000116e56a01de6a0394ed79be1b34b999e551346233c5dd19508 PKG_MAINTAINER:=Thomas Petazzoni From patchwork Sat Mar 6 18:28:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1448480 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=XquL343/; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=BiJKA5aT; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DtCpF0Jknz9sWP for ; Sun, 7 Mar 2021 05:30:28 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=GkWbXVYjpKxaeJmdrYHoT/xTootGDI9NSE5Xe17EI00=; b=XquL343/6kQglFBw6cal0SNha qkzd4rM1u4ajqRXWj2ZoZ4oj6meU/wH35E24DBApN21R+NfZfSTYVCWiaNzUVSRPdRbYjUNnkS5Zq jtYLa9JLphvnyzjMnu0ycVDf4tUHqA02rFk3b+ExG5tnmry1SahaCdvE3oiHJAl66lcxVvqnblGdE oa8o7x2Vy5UQOJkg8ocW7dH1JhXEhYSW8sTqrErmM4dLtOpRdz1kDoh2pvTqtifaY3hxllflvVYGs LiGCzed8fjHAY9nEOpHpu9nrwce7C4EGPxXr0H2z9xXBYU1YTw4SQrg1SltOSuRD8ymlCtqg/mfwK xSMKaOLHw==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfN-004AjZ-F6; Sat, 06 Mar 2021 18:28:41 +0000 Received: from agnus.defensec.nl ([2001:985:d55d::711]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfE-004Adz-BP for openwrt-devel@lists.openwrt.org; Sat, 06 Mar 2021 18:28:34 +0000 Received: from brutus.. (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id 04DB82A13DE; Sat, 6 Mar 2021 19:28:30 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 04DB82A13DE DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1615055310; bh=sprnxSGAQNtnNf1TIRVIbbSk1ByfGzUesJtww2UgPXA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BiJKA5aT0Io0mFlscZBwiUUrKfccwem00HC7I40MLDhtDmwCDdyAa5+Eh/pawPzU3 wPEwKJm6o+2T9v3JEb1V9hjlbzvaP9z37o48nB+jYlpQSjSA1E6o87GcI0kUOucrdA vCKB3jgOJZXZv1FTdDgGk1CKciqTwhI4fzsqwAaA= From: Dominick Grift To: openwrt-devel@lists.openwrt.org Cc: Dominick Grift Subject: [PATCH 2/6 V3] libselinux: update to version 3.2 Date: Sat, 6 Mar 2021 19:28:19 +0100 Message-Id: <20210306182823.316374-3-dominick.grift@defensec.nl> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210306182823.316374-1-dominick.grift@defensec.nl> References: <20210306182823.316374-1-dominick.grift@defensec.nl> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210306_182833_023373_1D9D9C1B X-CRM114-Status: UNSURE ( 7.74 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: 142826a3 libselinux: fix segfault in add_xattr_entry() 398d2cee libselinux: rename gettid() to something which never conflicts with the libc 8f0f0a28 selinux(8,5): Describe fcontext regular expression [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org 142826a3 libselinux: fix segfault in add_xattr_entry() 398d2cee libselinux: rename gettid() to something which never conflicts with the libc 8f0f0a28 selinux(8,5): Describe fcontext regular expressions 9cc6b5cf libselinux/getconlist: report failures 156dd0de libselinux: update getseuser e2dca5df libselinux: accept const fromcon in get_context API da4829d0 libselinux: Always close status page fd 45b15c22 selinux(8): explain that runtime disable is deprecated 3c16aaef selinux(8): mark up SELINUX values c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable db0f2f38 libselinux: Add build option to disable X11 backend 4a142ac4 libsepol: Bump libsepol.so version d23342a9 libselinux: convert matchpathcon to selabel_lookup() 7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format. f5d644c7 libselinux: Add additional log callback details in man page for auditing. 075f9cfe libselinux: Fix selabel_lookup() for the root dir. a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices. a63f93d8 libselinux: initialize last_policyload in selinux_status_open() ef902db9 libselinux: safely access shared memory in selinux_status_updated() 9e4480b9 libselinux: Remove trailing slash on selabel_file lookups. 21fb5f20 libselinux: use full argument specifiers for security_check_context in man page e7abd802 libselinux: fix build order 05bdc031 libselinux: use kernel status page by default Signed-off-by: Dominick Grift --- Changes in V3: no changes package/libs/libselinux/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package/libs/libselinux/Makefile b/package/libs/libselinux/Makefile index 5fe745d004..0c5f9baceb 100644 --- a/package/libs/libselinux/Makefile +++ b/package/libs/libselinux/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libselinux -PKG_VERSION:=3.1 -PKG_RELEASE:=3 +PKG_VERSION:=3.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 -PKG_HASH:=ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7 +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2 +PKG_HASH:=df758ef1d9d4811051dd901ea6b029ae334ffd7c671c128beb16bce1e25ac161 HOST_BUILD_DEPENDS:=libsepol/host pcre/host PKG_LICENSE:=libselinux-1.0 From patchwork Sat Mar 6 18:28:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1448479 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=cvd8qM9M; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=O8ByeNf0; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DtCpF05dDz9sW5 for ; Sun, 7 Mar 2021 05:30:28 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=uwTC4KyFNKxe1wHNIndL6GSXYunPjDs1PVvR+ly68QQ=; b=cvd8qM9Myg+YOYSOcyvha/MVf tZKVMyb1so9tOSGeGcRmFmvBaAWw887PSb3b0N1drPNkNVlc9WKxI3Y81q8mM7qELYxr0fJgobeH4 BN/fymmpz4RSWCQD4fPilR81TSqxDSRBL9yOit7XLa6hk2gR4HPXedV8iPuq+AOPAnH/4f+RdxlPd euONMcbDK/uFYN4YBBr6E9GuQ/CkZ4u3z74GIVqJ/qOCGQiasrZm1R/fgoQoBv4Gx0jES+g5waSnk eZhPpqICWm5pCUjjqDsxgA9bSsnNRRNCxJfSpjGKxeBScSgemUVE3qJt2+lO/oRKV9Y2dAsvwPdvO 01JZsfpng==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfZ-004Ap8-Nc; Sat, 06 Mar 2021 18:28:53 +0000 Received: from agnus.defensec.nl ([80.100.19.56]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfE-004Ady-BO for openwrt-devel@lists.openwrt.org; Sat, 06 Mar 2021 18:28:36 +0000 Received: from brutus.. (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id 22E232A16E8; Sat, 6 Mar 2021 19:28:30 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 22E232A16E8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1615055310; bh=W8La7i2FfkYGXoOu9rxHV80+eN2kS8dvG9Y9ScdQTh8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O8ByeNf0bv1taTzYn+HbtX09lEZRMkV7zqqyK8grL41USETf0raM7+H7ibT/WDEmH REUr1OzMYFh9CJXNrlb0KzczM5FDqnpP+itPnwlBFJiW/TpKPZCN+r8ZqqrxwaO3E/ Z4cijTXkiSt70BUYUi/D3IkC46h0BAJ11L9FV3j0= From: Dominick Grift To: openwrt-devel@lists.openwrt.org Cc: Dominick Grift Subject: [PATCH 3/6 V3] libsemanage: update to version 3.2 Date: Sat, 6 Mar 2021 19:28:20 +0100 Message-Id: <20210306182823.316374-4-dominick.grift@defensec.nl> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210306182823.316374-1-dominick.grift@defensec.nl> References: <20210306182823.316374-1-dominick.grift@defensec.nl> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210306_182833_339120_7BD4689B X-CRM114-Status: UNSURE ( 6.50 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: c35919a7 libsemanage: sync filesystem with sandbox 5b05e829 Revert "libsemanage/genhomedircon: check usepasswd" edae9275 libsemanage: Free contents of modkey in semanage_direct_remove ce46daab libsema [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org c35919a7 libsemanage: sync filesystem with sandbox 5b05e829 Revert "libsemanage/genhomedircon: check usepasswd" edae9275 libsemanage: Free contents of modkey in semanage_direct_remove ce46daab libsemanage/genhomedircon: check usepasswd 6ebb35d2 libsemanage: Bump libsemanage.so version c08b73d7 libsemanage: Drop deprecated functions b46406de libsemanage: Remove legacy and duplicate symbols Signed-off-by: Dominick Grift --- Changes in V3: no changes package/libs/libsemanage/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libs/libsemanage/Makefile b/package/libs/libsemanage/Makefile index 79b492d0d3..ff1519f14e 100644 --- a/package/libs/libsemanage/Makefile +++ b/package/libs/libsemanage/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libsemanage -PKG_VERSION:=3.1 +PKG_VERSION:=3.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 -PKG_HASH:=22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8 +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2 +PKG_HASH:=d722a55ca4fe2d4e2b30527720db657e6238b28079e69e2e4affeb8e733ee511 PKG_MAINTAINER:=Thomas Petazzoni PKG_LICENSE:=LGPL-2.1 PKG_LICENSE_FILES:=COPYING From patchwork Sat Mar 6 18:28:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1448482 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=W3mUgi9t; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=UQcBTb+t; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DtCpF4Hc7z9sWR for ; Sun, 7 Mar 2021 05:30:29 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=qVezV1nKAgRlE+9p/YAsmzpUz9nVt/ePof2x3Vea0Pc=; b=W3mUgi9t5gQFDTVCJ2xMJB30f EgPIsLuw8/jEzlBLQE7AzUXzrALTojd337tzvUuZAo5NSaOmM4D0ye8HxUb8rDB28GUwRmlePONJC RLMnIF8HwWHib1OmbjE8+DvZeeapNOGIWQuZYikawBZg456RB4YSU5M1FUhwAQtPVI1a4hDicVSGt i+jW58eYhTFvmwkFgsmTRSZkk+bMRPwpdoif4pvdFViNetJhJ4Z6zOG/wmVqUIHTL6ni6AhBm+WNS 2pVVRLI+rTNPP188Sfu27AQBiOK10pGJptIRZMyB3CmRUiAxvTGa4BXuucnfj1UcJ1SFlj85Ltora qzOIyxLkA==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfh-004As7-Ue; Sat, 06 Mar 2021 18:29:02 +0000 Received: from agnus.defensec.nl ([80.100.19.56]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfE-004Adx-BM for openwrt-devel@lists.openwrt.org; Sat, 06 Mar 2021 18:28:36 +0000 Received: from brutus.. (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id 30F752A16E9; Sat, 6 Mar 2021 19:28:30 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 30F752A16E9 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1615055310; bh=DjnlpvEY+NSKkD80Y0dPoUdTiuCgGpfL9STC7ZtQX3c=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UQcBTb+tHbwWgIHKS3NI7N+kjNSIjCvk1l34mor59Zn5k7JJoBjbI4XqMcWmsZs7Y eZLINiO6RexARt/jH9XRvnyBpO3CQcvOqxyBTkZEJ64G9zJm9m68imwKEBX+0MgWMv behBNkjEJY8LmS11s75WcznztGDMPlkxqdn2Iqoo= From: Dominick Grift To: openwrt-devel@lists.openwrt.org Cc: Dominick Grift Subject: [PATCH 4/6 V3] policycoreutils: update to version 3.2 Date: Sat, 6 Mar 2021 19:28:21 +0100 Message-Id: <20210306182823.316374-5-dominick.grift@defensec.nl> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210306182823.316374-1-dominick.grift@defensec.nl> References: <20210306182823.316374-1-dominick.grift@defensec.nl> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210306_182833_336917_D0B18C94 X-CRM114-Status: UNSURE ( 6.96 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: d464187c policycoreutils: sestatus belongs to bin not sbin d59932a7 policycoreutils: Resolve path in restorecon_xattr 5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org d464187c policycoreutils: sestatus belongs to bin not sbin d59932a7 policycoreutils: Resolve path in restorecon_xattr 5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify 57dd1f65 policycoreutils/setfiles: Drop unused nerr variable be7f54cb setfiles: drop ABORT_ON_ERRORS and related code 9207823c setfiles: Do not abort on labeling error c064d214 selinux_config(5): add a note that runtime disable is deprecated 8bc865e1 newrole: support cross-compilation with PAM and audit ba2d6c10 fixfiles: correctly restore context of mountpoints Signed-off-by: Dominick Grift --- Changes in V3: no changes package/utils/policycoreutils/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package/utils/policycoreutils/Makefile b/package/utils/policycoreutils/Makefile index ec55a3d8ee..da4976457c 100644 --- a/package/utils/policycoreutils/Makefile +++ b/package/utils/policycoreutils/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=policycoreutils -PKG_VERSION:=3.1 -PKG_RELEASE:=5 +PKG_VERSION:=3.2 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 -PKG_HASH:=c889f62ee80f8b6a369469a9b8af51f5b797975aeaa291f5c5960cc12eed1934 +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2 +PKG_HASH:=d1331c6fa766c547b071c491de90b9f343c8dbffdb119be8a5a7e491199b93a9 PKG_INSTALL:=1 HOST_BUILD_DEPENDS:=libsemanage/host gettext-full/host PKG_BUILD_DEPENDS:=BUSYBOX_CONFIG_PAM:libpam gettext-full/host From patchwork Sat Mar 6 18:28:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1448485 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=AxNVyzB+; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=p4TcjGfY; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DtCpZ693Xz9sW5 for ; Sun, 7 Mar 2021 05:30:46 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=pnaZWtHyMLJEOinR8DDPQZsUOouOXt/S5hWq1mM40F8=; b=AxNVyzB+NgYPs/4CGjJflTLhg CWXJ/Lf9+uQK5/gWQxatNOcE56WcnwskqbJdD2ZQ/alK7dn+9iSMsJJJwWj6DglqHpCgnGcx3iXm/ 74osZ1DXQYxuKDxxQXzI7pTjSR+KF00TfAkk9UIWcqzm8wcj9TTsAoHwL6MImUi0D/1yj8QiVMhqK ZY5aF2O6rNve3EbPAvLk4rgvXD+h8jECZ32Fi9Zv4OIiZrHLwkfq98M1CTgYvxBdweTTM8TEPXw80 pFXfWQ19H2IbEJts7vpoQJDomf7H/bxwV1Gfwwpox+2o8UUb2BSUivj3lvdIVD4C+ZoHL4JYa1civ bRSJuh1xA==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbgL-004BDh-FD; Sat, 06 Mar 2021 18:29:41 +0000 Received: from agnus.defensec.nl ([2001:985:d55d::711]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfH-004Agp-5L for openwrt-devel@lists.openwrt.org; Sat, 06 Mar 2021 18:28:37 +0000 Received: from brutus.. (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id 4B1C72A16EA; Sat, 6 Mar 2021 19:28:30 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 4B1C72A16EA DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1615055310; bh=j4NE+3FYH0jnTY3ML9y/8BcqsUXZRY8sc8PIWRDztNA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=p4TcjGfYptoJAHXCBHrKPZA2BYiZQVI0fNPVPQdTAJWm1Y3aGy9SZvIdZMXdW/n/x sSHiFC+sK3YBh2PR5CC9um25iA8fKSDX2OhwHWZ+McDDbeH+vG6lI003sDve/igKEb vl1RqQzExywIejSFFpnagyRv5+Ot8Q6W9+LtPlY8= From: Dominick Grift To: openwrt-devel@lists.openwrt.org Cc: Dominick Grift Subject: [PATCH 5/6 V3] secilc: update to version 3.2 Date: Sat, 6 Mar 2021 19:28:22 +0100 Message-Id: <20210306182823.316374-6-dominick.grift@defensec.nl> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210306182823.316374-1-dominick.grift@defensec.nl> References: <20210306182823.316374-1-dominick.grift@defensec.nl> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210306_182835_292461_276531A7 X-CRM114-Status: UNSURE ( 7.46 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: 49ff851c secilc: fixes cil_role_statements.md example 03881703 secilc/docs: add custom color theme 4c8d6094 secilc/docs: add syntax highlighting for secil 057d72af secilc/docs: use fenced code blocks [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org 49ff851c secilc: fixes cil_role_statements.md example 03881703 secilc/docs: add custom color theme 4c8d6094 secilc/docs: add syntax highlighting for secil 057d72af secilc/docs: use fenced code blocks for cil examples e8bcdb84 cil_network_labeling_statements: fixes nodecon examples eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes 9e9b8103 secilc/docs: document expandtypeattribute fbe1e526 Update the cil docs to match the current behaviour. Signed-off-by: Dominick Grift --- Changes in v3: split out checkpolicy update to version 3.2 package/utils/secilc/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/utils/secilc/Makefile b/package/utils/secilc/Makefile index 26c20f9213..7ed22615c0 100644 --- a/package/utils/secilc/Makefile +++ b/package/utils/secilc/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=secilc -PKG_VERSION:=3.1 +PKG_VERSION:=3.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 -PKG_HASH:=86117246fec3017af710a9ff7c1dae3ed1cd571e232a86cff3e2a3de2d6aa65c +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2 +PKG_HASH:=5f6e6528a281b29ac5e558babffc3d8aab682fd8df8977daff5f266a50292cc3 HOST_BUILD_DEPENDS:=libsepol/host PKG_MAINTAINER:=Dominick Grift From patchwork Sat Mar 6 18:28:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1448484 X-Patchwork-Delegate: ynezz@true.cz Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=cF+LCDnZ; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=sYccfFba; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DtCpM71lGz9sW5 for ; Sun, 7 Mar 2021 05:30:35 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=EmisvGCauoD4JUTRgX1ggkBsLOG/SK2xqg4Ys2uw7SU=; b=cF+LCDnZnkeNCppML0vDzV0wO ZTn0wE8RHajKJCnA949BQI1CAl4pkRnEnRt2Lt71DtJjMf90c57TAvMyIHscJ8O9+9NIN/LuC0vsR i9aBQP6GZEM6Cu6zo1D2sAOQYRxmocuQ6JMizJKmagf3lSF+/bv9SU6OOhI9Kng65n0WPKvqoP72v Pc39p1FVRw/DI7tekTNbyaOtZXlXGLKfPUsPDFYb8hEPOdnO1kjb/hDfiyjA1gxJydwD2iTnvY0UN rxDOBFniGfIThL8E4WUYddRm4+KOtpWqjPPAB/v4+0qj4yM9+G4O4XVjPv5OC9SZ3wvWsG0m7RHW1 osU297xeQ==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbg3-004B1W-5Y; Sat, 06 Mar 2021 18:29:23 +0000 Received: from agnus.defensec.nl ([2001:985:d55d::711]) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lIbfH-004Ago-5T for openwrt-devel@lists.openwrt.org; Sat, 06 Mar 2021 18:28:37 +0000 Received: from brutus.. (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id 692032A16EB; Sat, 6 Mar 2021 19:28:30 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl 692032A16EB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1615055310; bh=u4Wuxqg+1iSCMLJG3IJL0dun3H2oBJm2SVBe86CEfiQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sYccfFbaTbeA43akVnRdLVEpiC74kMitSnUgIDekyhoMZv5uJvctWPmg5IQISukls 8sfQy4k9kqi4EG9K/J7VxRKdOLKIrw8/VsjH9zi+LGpVoUsWvwxj7YQqzx3i+WOY/0 1GRKKfot3fnh2+DAImrqYaMJuVoLCxhqlpE4/ajI= From: Dominick Grift To: openwrt-devel@lists.openwrt.org Cc: Dominick Grift Subject: [PATCH 6/6 V3] checkpolicy: update to version 3.2 Date: Sat, 6 Mar 2021 19:28:23 +0100 Message-Id: <20210306182823.316374-7-dominick.grift@defensec.nl> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210306182823.316374-1-dominick.grift@defensec.nl> References: <20210306182823.316374-1-dominick.grift@defensec.nl> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210306_182835_362077_9C49C137 X-CRM114-Status: UNSURE ( 6.41 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift --- Changes in V3: split from secilc update to version 3.2 Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift --- Changes in V3: split from secilc update to version 3.2 package/utils/checkpolicy/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/utils/checkpolicy/Makefile b/package/utils/checkpolicy/Makefile index 8def9ea65d..206bf201c0 100644 --- a/package/utils/checkpolicy/Makefile +++ b/package/utils/checkpolicy/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=checkpolicy -PKG_VERSION:=3.1 +PKG_VERSION:=3.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710 -PKG_HASH:=dfc7707070520c93b14fbbdfdbe081364d806bf28e3e79e10318c2594c77bbb2 +PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2 +PKG_HASH:=9b1c81fa86fe3867842164448d90c8e7ea94b2987497809c65d4caa87a5c5bc8 PKG_INSTALL:=1 PKG_BUILD_DEPENDS:=libselinux HOST_BUILD_DEPENDS:=libselinux/host