From patchwork Thu May 19 18:54:13 2022
X-Patchwork-Submitter: Dominick Grift
X-Patchwork-Id: 1633477
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: daniel@makrotopia.org, Dominick Grift
Subject: [PATCH 1/8] libsepol: update to version 3.4
Date: Thu, 19 May 2022 20:54:13 +0200
Message-Id: <20220519185418.168937-2-dominick.grift@defensec.nl>
In-Reply-To: <20220519185418.168937-1-dominick.grift@defensec.nl>
References: <20220519185418.168937-1-dominick.grift@defensec.nl>

0a8c177d Update VERSIONs to 3.4 for release.
9e096e6e libsepol,checkpolicy: add support for self keyword in type transitions
539b0660 libsepol/cil: add support for self keyword in type transitions
9df28c24 Update VERSIONs to 3.4-rc3 for release.
2a167d11 Update VERSIONs to 3.4-rc2 for release.
8c115936 libsepol/cil: comment out unused function __cil_verify_rule
80137479 libsepol/tests: adjust IPv6 netmasks
c74df1cd libsepol/tests: Declare file local functions as static
4a77a5ba libsepol/tests: Include paired headers for prototypes
02f330c9 libsepol/tests Include policydb.h header for policydb_t declaration
9d57ab6c libsepol: drop unnecessary const discarding casts
68a29c3a libsepol: check correct pointer for oom
6bc29805 libsepol/cil: declare file local function pointer static
20187dbf libsepol: Replace calls to mallocarray() with calls to calloc()
fed78faa libsepol: add policy utilities
fbba2393 libsepol: export functions for policy analysis
3ae07ec3 libsepol: introduce sepol_const_security_context_t typedef
f0e085f6 libsepol: add sepol_av_perm_to_string
73562de8 Update VERSIONs to 3.4-rc1 for release.
f5a764d9 libsepol/cil: post process pirqcon rules
cf7f7aaf libsepol/cil: drop unused function cil_tree_error
6bfd1be2 libsepol/cil: declare file local functions static
c640af42 libsepol: mark immutable common helper parameter const
63599466 libsepol: mark immutable mls and context parameter const
0233e4f6 libsepol: add missing oom checks
5d3c4430 libsepol/cil: silence GCC 12 array-bounds false positive
c3f0124b libsepol: Validate conditional expressions
dfc652f0 libsepol: Use calloc when initializing bool_val_to_struct array
5456002f libsepol/cil: Write a message when a log message is truncated
29e610f9 libsepol: Don't write out constraint if it has no permissions
1f15c628 libsepol/cil: Don't add constraint if there are no permissions
0d84ebcb libsepol: Shorten the policy capability enum names
672d8c2c libsepol: validate boolean datum arrays
93ff4ce5 libsepol: reject xperm av rules in conditional statements
5b6e6254 libsepol: Do a more thorough validation of constraints
cc1bd5e8 libsepol: fix reallocarray imports
2d35696d libsepol: NULL pointer offset fix
71bcdcc9 libsepol: Add 'ioctl_skip_cloexec' policy capability
c900816e libsepol: Populate and use policy name
bc26ddc5 libsepol/cil: Limit the amount of reporting for context rule conflicts
c964fe14 libsepol/cil: Limit the neverallow violations reported
3c45d91c libsepol/cil: Provide more control over reporting bounds failures
3ffb84ec libsepol/cil: Add cil_get_log_level() function
71291385 libsepol: Fix two problems with neverallowxperm reporting
931380ca libsepol: Set args avtab pointer when reporting assertion violations
fb3a383f libsepol: The src and tgt must be the same if neverallow uses self
46106724 libsepol: Make return value clearer when reporting neverallowx errors
88c79c68 libsepol: Refactor match_any_class_permissions() to be clearer
3b71e516 libsepol: Make use of previously created ebitmap when checking self
cfdf4ec2 libsepol: Move assigning outer loop index out of inner loop
8f643827 libsepol: Remove unnessesary check for matching class
68d32d2c libsepol: Use (rc < 0) instead of (rc) when calling ebitmap functions
7312d3c6 libsepol: Create function check_assertion_self_match() and use it
d4456cb4 libsepol: Move check of target types to before check for self
a9d56880 libsepol: Use consistent return checking style
18e1ae11 libsepol: Check for error from check_assertion_extended_permissions()
a700e426 libsepol: Remove uneeded error messages in assertion checking
c2af8933 libsepol: Change label in check_assertion_avtab_match()
521e6ad7 libsepol: Return an error if check_assertion() returns an error.
ff25475c libsepol: validate several flags
9bee80da libsepol: more strict constraint validation
496002e7 libsepol: use correct error type to please UBSAN
86cdb9f1 libsepol/cil: Ensure that the class in a classcommon is a kernel class
f0823bbb libsepol/cil: Do not resolve names to declarations in abstract blocks
6d783e5b libsepol/cil: Mark as abstract all sub-blocks of an abstract block
e6429963 libsepol/cil: Do not copy blockabstracts when inheriting a block
58443a00 libsepol: do not add gaps to string list
73850041 libsepol: invert only valid range of role bitmap
42a8dc46 libsepol: handle type gaps
b8cba274 libsepol: drop trailing newlines in log messages
f52f5e27 libsepol: return failure on saturated class name length
c3d52a6a libsepol: check for saturated class name length
ad2ff8a8 ci: run the tests under ASan/UBsan on GHActions
b78560fd libsepol: check for valid sensitivity before lookup
b2ba721e libsepol/cil: bail out on snprintf failure
5e6e516e libsepol: validate class default targets
24618ad3 libsepol: validate fsuse types
8a7215c6 libsepol: validate categories
80b94415 libsepol: validate policy properties
2c4da50a libsepol: validate permissive types
88e280a1 libsepol: validate genfs contexts
86281337 libsepol: validate ocontexts
5f816232 libsepol: validate type of avtab type rules
8c59d614 libsepol: validate constraint expression operators and attributes
312eac1c libsepol: validate avtab and avrule types
ba6d8225 libsepol: resolve log message mismatch
e39cf0a1 libsepol: validate permission count of classes
fffb1609 libsepol: validate expanded user range and level
8fdb3eb2 libsepol: validate MLS levels
e2e60d9b libsepol: split validation of datum array gaps and entries
691e6aff libsepol: do not create a string list with initial size zero
35ef9b95 libsepol: use correct size for initial string list
73154020 libsepol: do not crash on user gaps
b76eda52 libsepol: do not crash on class gaps
c12b7d90 libsepol: do not underflow on short format arguments
47c3d96e libsepol: use size_t for indexes in strs helpers
8565e2c5 libsepol: zero member before potential dereference
1b4979c5 libsepol: reject invalid filetrans source type
8750fb68 libsepol: reject abnormal huge sid ids
f571438a libsepol: clean memory on conditional insertion failure
2331dcaf libsepol: enforce avtab item limit
97af65f6 libsepol: add checks for read sizes
f0a5f6e3 libsepol: use reallocarray wrapper to avoid overflows
18303c85 libsepol: use mallocarray wrapper to avoid overflows
852f14d4 libsepol: use logging framework in ebitmap.c
5c178f9f libsepol: use logging framework in conditional.c
51394330 libsepol/fuzz: limit element sizes for fuzzing
82438341 libsepol: add libfuzz based fuzzer for reading binary policies
e0ba1168 libsepol/fuzz: silence secilc-fuzzer
413518a6 libsepol/cil: support IPv4/IPv6 address embedding
a46ade3f libsepol: Write out genfscon file type when writing out CIL policy
3677af8f libsepol/cil: Allow optional file type in genfscon rules
c9ed5521 libsepol/cil: Refactor filecon file type handling
55e67489 libsepol: Add support for file types in writing out policy.conf
c42dcf58 libsepol: use string literals as format strings
f95dbf2c libsepol: avoid passing NULL pointer to memcpy
b98d3c4c libsepol: do not pass NULL to memcpy

Signed-off-by: Dominick Grift
--- package/libs/libsepol/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile index 87f1ccd917..39f646b7c0 100644 --- a/package/libs/libsepol/Makefile +++ b/package/libs/libsepol/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libsepol -PKG_VERSION:=3.3 +PKG_VERSION:=3.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=2d97df3eb8466169b389c3660acbb90c54200ac96e452eca9f41a9639f4f238b +PKG_HASH:=fc277ac5b52d59d2cd81eec8b1cccd450301d8b54d9dd48a993aea0577cf0336 PKG_MAINTAINER:=Thomas Petazzoni
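Review bot: The new PKG_HASH in the package/libs/libsepol/Makefile hunk cannot be checked from the patch, and the commit message is only the upstream shortlog. Please add a summary line above the shortlog and state that the value is the sha256 of libsepol-3.4.tar.gz as downloaded from PKG_SOURCE_URL, so a reviewer can recompute it before merging. The shortlog carries a long run of policy validation and overflow fixes (for example "libsepol: add checks for read sizes" and "libsepol: use reallocarray wrapper to avoid overflows"), which is worth calling out in that summary.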
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: daniel@makrotopia.org, Dominick Grift
Subject: [PATCH 2/8] libselinux: update to version 3.4
Date: Thu, 19 May 2022 20:54:14 +0200
Message-Id: <20220519185418.168937-3-dominick.grift@defensec.nl>
In-Reply-To: <20220519185418.168937-1-dominick.grift@defensec.nl>
References: <20220519185418.168937-1-dominick.grift@defensec.nl>

libselinux depends on pcre2 instead of pcre as of version 3.4

0a8c177d Update VERSIONs to 3.4 for release.
822ad96c libselinux: update man page of setfilecon(3) family about context parameter
0c407c3f libselinux/utils: print errno on failure
88d43a8d libselinux: preserve errno in selinux_log()
8266fd94 libselinux: free memory in error branch
7e979b56 libselinux: restorecon: pin file to avoid TOCTOU issues
aaa49aca libselinux: restorecon: forward error if not ENOENT
657420d6 libselinux: restorecon: misc tweaks
a782abf2 libselinux: emulate O_PATH support in fgetfilecon/fsetfilecon
9df28c24 Update VERSIONs to 3.4-rc3 for release.
0b691d1a selinux_restorecon: introduce SELINUX_RESTORECON_COUNT_ERRORS
2a167d11 Update VERSIONs to 3.4-rc2 for release.
e1761979 libselinux: correctly hash specfiles larger than 4G
b9a4d13a libselinux: free memory on selabel_open(3) failure
63df12fe libselinux: correct parameter type in selabel_open(3)
0aa974a4 libselinux: limit has buffer size
1020a5a2 libselinux/utils: check for valid contexts to improve error causes
73562de8 Update VERSIONs to 3.4-rc1 for release.
c1a8da6e libselinux: Close leaked FILEs
4bab3ecc libselinux: Strip spaces before values in config
e0da140d libselinux: use PCRE2 by default
4bafb8eb libselinux: Fix selinux_restorecon_parallel symbol version
02f302fc selinux_restorecon: introduce selinux_restorecon_parallel(3)
a578d1ce selinux_restorecon: add a global mutex to synchronize progress output
78bdce9c libselinux: make is_context_customizable() thread-safe
a3516ec6 libselinux: make selinux_log() thread-safe
46427054 selinux_restorecon: protect file_spec list with a mutex
43dc50fc selinux_restorecon: simplify fl_head allocation by using calloc()
abe410aa label_file: fix a data race
85982d83 libselinux: use valid address to silence glibc 2.34 warnings

Signed-off-by: Dominick Grift
--- package/libs/libselinux/Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/package/libs/libselinux/Makefile b/package/libs/libselinux/Makefile index 6bda72b5de..9a485157b8 100644 --- a/package/libs/libselinux/Makefile +++ b/package/libs/libselinux/Makefile
@@ -6,19 +6,19 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libselinux -PKG_VERSION:=3.3 -PKG_RELEASE:=2 +PKG_VERSION:=3.4 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=acfdee27633d2496508c28727c3d41d3748076f66d42fccde2e6b9f3463a7057 -HOST_BUILD_DEPENDS:=libsepol/host pcre/host +PKG_HASH:=77c294a927e6795c2e98f74b5c3adde9c8839690e9255b767c5fca6acff9b779 +HOST_BUILD_DEPENDS:=libsepol/host pcre2/host PKG_LICENSE:=libselinux-1.0 PKG_LICENSE_FILES:=LICENSE PKG_MAINTAINER:=Thomas Petazzoni -HOST_BUILD_DEPENDS:=libsepol/host musl-fts/host pcre/host +HOST_BUILD_DEPENDS:=libsepol/host musl-fts/host pcre2/host include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/host-build.mk @@ -71,7 +71,7 @@ define Package/libselinux $(call Package/libselinux/Default) SECTION:=libs CATEGORY:=Libraries - DEPENDS:=+libsepol +libpcre +USE_MUSL:musl-fts + DEPENDS:=+libsepol +libpcre2 +USE_MUSL:musl-fts endef define Package/libselinux/description 
@@ -103,7 +103,7 @@ endef $(foreach a,$(LIBSELINUX_UTILS),$(eval $(call GenUtilPkg,libselinux-$(a),$(a)))) # Needed to link libselinux utilities, which link against -# libselinux.so, which indirectly depends on libpcre.so, installed in +# libselinux.so, which indirectly depends on libpcre2.so, installed in # $(STAGING_DIR_HOSTPKG). HOST_LDFLAGS += -Wl,-rpath="$(STAGING_DIR_HOSTPKG)/lib"
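Review bot: HOST_BUILD_DEPENDS is assigned twice in the first hunk of package/libs/libselinux/Makefile, once after PKG_HASH and again after PKG_MAINTAINER, and both use `:=`, so the later assignment (the one that also lists musl-fts/host) replaces the earlier one. The patch switches both to pcre2/host and so keeps the dead duplicate; drop the first line so only one assignment has to track the dependency.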
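Review bot: The comment updated in the last hunk (@@ -103,7 +103,7 @@) now names libpcre2.so, but PCRE2 does not install a library with that name; it ships one library per code unit width, and the 8-bit one that libselinux links is libpcre2-8.so. Suggest wording the comment as "indirectly depends on libpcre2-8.so" so it matches what a reader will find under $(STAGING_DIR_HOSTPKG)/lib.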
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: daniel@makrotopia.org, Dominick Grift
Subject: [PATCH 3/8] libsemanage: update to version 3.4
Date: Thu, 19 May 2022 20:54:15 +0200
Message-Id: <20220519185418.168937-4-dominick.grift@defensec.nl>
In-Reply-To: <20220519185418.168937-1-dominick.grift@defensec.nl>
References: <20220519185418.168937-1-dominick.grift@defensec.nl>

0a8c177d Update VERSIONs to 3.4 for release.
9df28c24 Update VERSIONs to 3.4-rc3 for release.
2a167d11 Update VERSIONs to 3.4-rc2 for release.
0ba7e231 libsemanage: ignore missing prototypes in swig generated code
e1b7b290 libsemanage/tests: Remove unused functions
031c0330 libsemanage/tests: Declare file local functions as static
fd67b2f4 Correct misc typos
e205e3e8 libsemanage: avoid double fclose
73562de8 Update VERSIONs to 3.4-rc1 for release.
28510556 libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
c7a3b93e libsemanage: Fall back to semanage_copy_dir when rename() fails
c79d38ff libsemanage: allow spaces in user/group names
286a679f libsemanage: optionally rebuild policy when modules are changed externally
df9f71ab libsemanage: clean up semanage_direct_commit() a bit
d01ec02f libsemanage: move compressed file handling into a separate object
67e6201b semodule,libsemanage: move module hashing into libsemanage
6f9e7719 libsemanage: add missing include to boolean_record.c
f7ec4b4a libsemanage: add extern prototype for legacy function
35273aa2 libsemanage: include paired header for prototypes
1927c1df libsemanage: mark local functions static
7e30a10b Use IANA-managed domain example.com in examples
fe01a91a libsemanage/tests: free memory
ea539017 libsemanage: do not sort empty records

Signed-off-by: Dominick Grift
--- package/libs/libsemanage/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libs/libsemanage/Makefile b/package/libs/libsemanage/Makefile index 8337b90bda..060a5caab0 100644 --- a/package/libs/libsemanage/Makefile +++ b/package/libs/libsemanage/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libsemanage -PKG_VERSION:=3.3 +PKG_VERSION:=3.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=84d0ec5afa34bbbb471f602d8c1bf317d12443d07852a34b60741d428d597ce8 +PKG_HASH:=93b423a21600b8e3fb59bb925d4583d1258f45bebf63c29bde304dfd3d52efd6 PKG_MAINTAINER:=Thomas Petazzoni PKG_LICENSE:=LGPL-2.1 PKG_LICENSE_FILES:=COPYING
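Review bot: The PKG_VERSION bump in the package/libs/libsemanage/Makefile hunk pulls in "libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()" and "libsemanage: avoid double fclose", but the commit message mentions them only inside the raw shortlog. Add a short summary line above the shortlog that names these memory-safety fixes, so the update is easy to identify when deciding what to pick for stable branches.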
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: daniel@makrotopia.org, Dominick Grift
Subject: [PATCH 4/8] checkpolicy: update to version 3.4
Date: Thu, 19 May 2022 20:54:16 +0200
Message-Id: <20220519185418.168937-5-dominick.grift@defensec.nl>
In-Reply-To: <20220519185418.168937-1-dominick.grift@defensec.nl>
References: <20220519185418.168937-1-dominick.grift@defensec.nl>

0a8c177d Update VERSIONs to 3.4 for release.
9e096e6e libsepol,checkpolicy: add support for self keyword in type transitions
9df28c24 Update VERSIONs to 3.4-rc3 for release.
5645f803 checkpolicy: mention class name on invalid permission
2a167d11 Update VERSIONs to 3.4-rc2 for release.
73562de8 Update VERSIONs to 3.4-rc1 for release.
c900816e libsepol: Populate and use policy name
4be0e2e1 checkpolicy: allow wildcard permissions in constraints
01b88ac3 checkpolicy: warn on bogus IP address or netmask in nodecon statement
8a8275a5 checkpolicy: ignore possible string truncation
cc671d6a checkpolicy: use correct unsigned format specifiers

Signed-off-by: Dominick Grift
---
 package/utils/checkpolicy/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/utils/checkpolicy/Makefile b/package/utils/checkpolicy/Makefile index e9c10e293f..1e7cfbe541 100644 --- a/package/utils/checkpolicy/Makefile +++ b/package/utils/checkpolicy/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=checkpolicy -PKG_VERSION:=3.3 +PKG_VERSION:=3.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=25c84edfa3a10ab8cb073b97bc55cb66377532d54a2723da9accdabd05431485 +PKG_HASH:=293851b97642cbdb1040b801a2ca6edd9f7e462031ceb472c97c2e095b9572d7 PKG_INSTALL:=1 PKG_BUILD_DEPENDS:=libselinux HOST_BUILD_DEPENDS:=libselinux/host From patchwork Thu May 19 18:54:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1633479 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=zO9emaZp; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=PeAWkJse; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4L3zgS3kKlz9sGS for ; Fri, 20 May 2022 04:59:48 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: 
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: daniel@makrotopia.org, Dominick Grift
Subject: [PATCH 5/8] policycoreutils: update to version 3.4
Date: Thu, 19 May 2022 20:54:17 +0200
Message-Id: <20220519185418.168937-6-dominick.grift@defensec.nl>
In-Reply-To: <20220519185418.168937-1-dominick.grift@defensec.nl>
References: <20220519185418.168937-1-dominick.grift@defensec.nl>

0a8c177d Update VERSIONs to 3.4 for release.
9df28c24 Update VERSIONs to 3.4-rc3 for release.
2b6f7e96 setfiles: introduce the -C option for distinguishing file tree walk errors
b98626f1 setfiles: remove useless "iamrestorecon" checks in option parsing
fd9a851d setfiles: remove useless assignment and comment (after RHBZ#1926386)
aab2498a setfiles: fix up inconsistent indentation
2a167d11 Update VERSIONs to 3.4-rc2 for release.
fd67b2f4 Correct misc typos
5d8764db setfiles.8: -q is deprecated and has no effect
df31981d policycoreutils: drop usage of egrep in fixfiles
73562de8 Update VERSIONs to 3.4-rc1 for release.
8aca100c Update translations from translate.fedoraproject.org
2d668b62 Split po/ translation files into the relevant sub-directories
8871fd60 policycoreutils/fixfiles: Use parallel relabeling
c71d14e8 newrole: ensure password memory erasure
1af80898 newrole: check for crypt(3) failure
29e167a4 newrole: silence compiler warnings
09c994c2 newrole: add Makefile target to test build options
2d08c5dd semodule: add command-line option to detect module changes
67e6201b semodule,libsemanage: move module hashing into libsemanage
9229f8b3 policycoreutils: handle argument counter of zero
b8004f05 policycoreutils: Improve error message when selabel_open fails
1cbce561 Modified Russian and English man pages to fix typo; REQUIREUSERS -> REQUIRESEUSERS
c28763c4 semodule: Don't forget to munmap() data
f37b3e94 semodule: Fix lang_ext column index
ed4813be semodule: add -m | --checksum option
93902fc8 setfiles/restorecon: support parallel relabeling
081ac391 policycoreutils: mark local functions static
fb68d036 policycoreutils: use string literal as format strings

Signed-off-by: Dominick Grift
---
 package/utils/policycoreutils/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/utils/policycoreutils/Makefile b/package/utils/policycoreutils/Makefile index f724deda97..3fafe3343a 100644 --- a/package/utils/policycoreutils/Makefile +++ b/package/utils/policycoreutils/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=policycoreutils -PKG_VERSION:=3.3 +PKG_VERSION:=3.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=4199040ced8a81f2ddd0522b4faf2aba62fc821473f4051dc8474fb1c4a01078 +PKG_HASH:=bf049f31a7572a65cb796fa575f56c53327c839027d57782965c1682b33a7108 PKG_INSTALL:=1 HOST_BUILD_DEPENDS:=libsemanage/host gettext-full/host PKG_BUILD_DEPENDS:=BUSYBOX_CONFIG_PAM:libpam gettext-full/host From patchwork Thu May 19 18:54:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 1633478 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=gIUgRr8M; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=WAiTVUDX; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4L3zfh6ZB7z9sGS for ; Fri, 20 May 2022 04:59:08 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: 
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: daniel@makrotopia.org, Dominick Grift
Subject: [PATCH 6/8] secilc: update to version 3.4
Date: Thu, 19 May 2022 20:54:18 +0200
Message-Id: <20220519185418.168937-7-dominick.grift@defensec.nl>
In-Reply-To: <20220519185418.168937-1-dominick.grift@defensec.nl>
References: <20220519185418.168937-1-dominick.grift@defensec.nl>

0a8c177d Update VERSIONs to 3.4 for release.
539b0660 libsepol/cil: add support for self keyword in type transitions
9df28c24 Update VERSIONs to 3.4-rc3 for release.
2a167d11 Update VERSIONs to 3.4-rc2 for release.
73562de8 Update VERSIONs to 3.4-rc1 for release.
8243b3e8 secilc: kernel policy language is infix
03b1dcac secilc/docs: Document the optional file type for genfscon rules

Signed-off-by: Dominick Grift
---
 package/utils/secilc/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/utils/secilc/Makefile b/package/utils/secilc/Makefile index 6f059bfc81..1c297a605d 100644 --- a/package/utils/secilc/Makefile +++ b/package/utils/secilc/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=secilc -PKG_VERSION:=3.3 +PKG_VERSION:=3.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=2c5e1a5d417baf1d2aa3eac294e12c3aac7184a5ef6a779dcbe469ed756e8651 +PKG_HASH:=4e3e17bb54d5dd2fcd3bb2e528ad6571c5ad159f0c119172dd70c9514e962d33 HOST_BUILD_DEPENDS:=libsepol/host PKG_MAINTAINER:=Dominick Grift
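
Review bot: In the package/utils/checkpolicy/Makefile hunk, the unchanged context lines list only libselinux in PKG_BUILD_DEPENDS and HOST_BUILD_DEPENDS, while the commit message attributes part of 3.4 to a joint libsepol,checkpolicy change (9e096e6e, self keyword in type transitions). Please confirm that libsepol is already at 3.4 at this point in the series and say so in the commit message, so that this patch is not picked or bisected on its own against an older libsepol.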
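
Review bot: The package/utils/policycoreutils/Makefile hunk changes only PKG_VERSION and PKG_HASH and leaves HOST_BUILD_DEPENDS:=libsemanage/host as it was, yet the commit message lists 67e6201b "semodule,libsemanage: move module hashing into libsemanage", which ties this version to the libsemanage 3.4 update in the same series. State that ordering requirement in the commit message. The message also lists parallel relabeling for setfiles/restorecon and fixfiles (93902fc8, 8871fd60) with no matching Makefile change, so a line on which targets were build-tested and run-tested would help.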
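
Review bot: PKG_HASH in the package/utils/secilc/Makefile hunk is the only integrity pin on the tarball fetched from PKG_SOURCE_URL, and neither the hunk nor the commit message says how the new value was obtained or checked. Please add a sentence on that to the commit message, for example that the SHA-256 was recomputed from an independently fetched copy of the release tarball. The same applies to the PKG_HASH lines in the libsemanage, checkpolicy and policycoreutils hunks.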