From patchwork Fri Mar 28 14:28:06 2025
X-Patchwork-Submitter: Dominick Grift
X-Patchwork-Id: 2066513
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: Dominick Grift
Subject: [PATCH 1/6] libsepol: update to version 3.8.1
Date: Fri, 28 Mar 2025 15:28:06 +0100
Message-ID: <20250328142811.4096141-1-dominick.grift@defensec.nl>

Changes since version 3.5
8e9157bb Update VERSIONs to 3.8.1 for release.
71aec30d Update VERSIONs to 3.8 for release.
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
8bbb51c9 libsepol: fix typos
4dd442f9 libsepol/cil: free nlmsg hashtable on error
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
b234b710 libsepol: add missing word separators in error message
adf2e609 Update VERSIONs to 3.8-rc2 for release.
c28d9203 libsepol: avoid unnecessary memset(3) calls in hashtab
d49a3ecb libsepol: harden availability check against user CFLAGS
2dec1581 Update VERSIONs to 3.8-rc1 for release.
77da320e libsepol/tests: add cond xperm neverallow tests
c8f9dff3 libsepol: indent printed allow rule on assertion failure
1fd41f48 libsepol/cil: add support for xperms in conditional policies
438b16d1 libsepol: add support for xperms in conditional policies
18eb531b libsepol: misc assertion cleanup
be11f48b libsepol: Remove special handling of roles in module_to_cil.c
7492632a libsepol/cil: Optionally allow duplicate role declarations
b33da68f libsepol: Support nlmsg xperms in assertions
cd8302f0 libsepol: Initialize "strs" on declaration
00fb52ce libsepol/cil/cil_post: Initialize tmp on declaration
575d1cfa libsepol/mls: Do not destroy context on memory error
0dac9813 libsepol/cil: Initialize avtab_datum on declaration
9c7c6e15 libsepol: Add policy capability netlink_xperm
ba7945a2 libsepol: Support nlmsg extended permissions
0190a658 libsepol/cil: Allow dotted names in aliasactual rules
6b5626fd libsepol/cil: Check that sym_index is within bounds
1f080ffd libsepol/sepol_compute_sid: Do not destroy uninitialized context
2eb286bc Release 3.7
589e2dba libsepol: check scope permissions refer to valid class
1efc1214 libsepol: Do not reject all type rules in conditionals when validating
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
c9ed9ea6 libsepol: contify function pointer arrays
a02fccf8 tree-wide: fix misc typos
8c1110d1 libsepol: validate attribute-type maps
d034a3e6 libsepol: rework permission enabled check
52e5c306 libsepol: move unchanged data out of loop
a3332e57 libsepol: hashtab: save one comparison on hit
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
d506c0b1 libsepol: include prefix for module policy versions
b77d851f libsepol: validate type-attribute-map for old policies
fc3de95d libsepol: only exempt gaps checking for kernel policies
1c91bc84 libsepol: reject self flag in type rules in old policies
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
1f173f8e libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
d3d975ae libsepol: validate class permissions
fa3a1bca libsepol: improve policy lookup failure message
e81a05a5 libsepol: constify function pointer arrays
8c64e5bb libsepol: validate access vector permissions
c071aa2e libsepol/cil: Check common perms when verifiying "all"
af543f1b libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
6f7ddf27 libsepol: reject MLS support in pre-MLS policies
c205b924 libsepol: Fix buffer overflow when using sepol_av_to_string()
fe16f586 checkpolicy, libsepol: Fix potential double free of mls_level_t
162a0884 libsepol/cil: ensure transitivity in compare functions
b52e27ae libsepol: ensure transitivity in compare functions
fbd6c0f0 libsepol: use typedef
90db06c5 libsepol: Use a dynamic buffer in sepol_av_to_string()
3e3661f6 libsepol/src/Makefile: fix reallocarray detection
a0ff05ef libsepol: reorder calloc(3) arguments
97fa708d Update VERSIONs to 3.6 for release.
e54bedce libsepol: validate empty common classes in scope indices
d0b1400a libsepol: extended permission formatting cleanup
a55cd374 libsepol: avoid integer overflow in add_i_to_a()
22d3609b libsepol: constify tokenized input
2752043d libsepol/cil: Clear AST node after destroying bad filecon rule
89dd980c Add CPPFLAGS to Makefiles
139afe58 libsepol: simplify string formatting
4724538b libsepol: reject linking modules with no avrules
00cfecf6 libsepol/fuzz: handle empty and non kernel policies
68c3a999 libsepol: reject invalid class datums
4f1435dd libsepol: use correct type to avoid truncations
14f76201 libsepol: validate conditional type rules have a simple default type
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
fdb536f3 libsepol: avoid fixed sized format buffer for xperms
285d7cc8 libsepol: avoid fixed sized format buffer for xperms
d3c2992e libsepol: add check for category value before printing
903e8cf2 libsepol/cil: Do not allow classpermissionset to use anonymous classpermission
9b7d560a libsepol/cil: Give warning for name that has different flavor
18657ad1 libsepol/cil: Add pointers to datums to improve writing out AST
fb0a4ce1 libsepol/cil: Allow paths in filecon rules to be passed as arguments
9e1a8ee3 libsepol/cil: Refactor Named Type Transition Filename Creation
dc676ab1 libsepol/cil: Allow IP address and mask values to be directly written
557cda59 libsepol/cil: Refactor and improve handling of order rules
19656bea libsepol/cil: Use struct cil_db * instead of void *
0dd926f4 libsepol/tests: Update the order of neverallow test results
08be6357 libsepol/cil: use DJB2a string hash function
d03d506a libsepol: use DJB2a string hash function
26cec7ca libsepol: include length squared in hashtab_hash_eval()
4f6a3abc libsepol: validate common classes have at least one permissions
b8f52459 libsepol: update policy capabilities array
541aab88 libsepol: avoid memory corruption on realloc failure
5e425b41 libsepol: avoid leak in OOM branch
27fe2b29 libsepol: set number of target names
cf6ddded libsepol: validate the identifier for initials SID is valid
bd1b7848 libsepol: enhance saturation check
44375cb4 libsepol: adjust type for saturation check
84a5457f libsepol: use str_read() where appropriate
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
7cf2bfb5 libsepol: reject unsupported policy capabilities
7b754f70 libsepol: more strict validation
80eb2192 libsepol: validate constraint depth
4670a630 libsepol: validate default type of transition is not an attribute
f9fd2500 libsepol: avtab: check read counts for saturation
b1b3467a libsepol: reject avtab entries with invalid specifier
01da3a9c libsepol: Fix the version number for the latest exported function
5d5a871c libsepol: Export the cil_write_post_ast function
2fe8a495 libsepol/cil: Add cil_write_post_ast function
b0ed365e libsepol/cil: Process deny rules
9d5ca92b libsepol/cil: Add cil_tree_node_remove function
085e3300 libsepol/cil: Add cil_list_is_empty macro
34725469 libsepol/cil: Parse and add deny rule to AST, but do not process
1936a23a libsepol: Use ERR() instead of log_err()
902f0f94 libsepol: update CIL generation for trivial not-self rules
e55621c0 libsepol/cil: Add notself and other support to CIL
2b3dd2c7 libsepol/cil: Do not call ebitmap_init twice for an ebitmap
cd575089 libsepol: Changes to ebitmap.h to fix compiler warnings
14f35fde Do not automatically install Russian translations
c3d13010 libsepol: Remove the Russian translations
8b0acb05 libsepol: ebitmap: avoid branches for iteration
1c19dc4f libsepol: expand: check for memory allocation failure
ace9ec17 libsepol: expand: use identical type to avoid implicit conversion
0d144506 hashtab: update
511f4347 libsepol: validate: use fixed sized integers
8963492b checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: update my email
e81c466b libsepol/cil: Fix class permission verification in CIL
40674f48 Revert "checkpolicy,libsepol: move transition to separate structure in avtab"
6776946d Revert "checkpolicy,libsepol: move filename transitions to avtab"
6e6444a0 Revert "checkpolicy,libsepol: move filename transition rules to avrule"
97450c62 Revert "libsepol: implement new kernel binary format for avtab"
e3388c76 Revert "libsepol: implement new module binary format of avrule"
748614b7 Revert "checkpolicy,libsepol: add prefix/suffix support to kernel policy"
311dc446 Revert "checkpolicy,libsepol: add prefix/suffix support to module policy"
a77a8b2d Revert "libsepol/cil: add support for prefix/suffix filename transtions to CIL"
1d207355 libsepol/fuzz: more strict fuzzing of binary policies
df666f70 libsepol: check for overflow in put_entry()
0e2a78d5 libsepol: free initial sid names
0c50de03 libsepol/cil: add support for prefix/suffix filename transtions to CIL
c39ebd07 checkpolicy,libsepol: add prefix/suffix support to module policy
1174483d checkpolicy,libsepol: add prefix/suffix support to kernel policy
11013986 libsepol: implement new module binary format of avrule
7b77edd9 libsepol: implement new kernel binary format for avtab
565d8748 checkpolicy,libsepol: move filename transition rules to avrule
e169fe26 checkpolicy,libsepol: move filename transitions to avtab
de708edf checkpolicy,libsepol: move transition to separate structure in avtab
02e471f1 libsepol: add support for the new "init" initial SID
55b75a2c libsepol: stop translating deprecated intial SIDs to strings
30fe0f19 libsepol: replace log_err() by ERR()
5c35a7be libsepol: replace sepol_log_err() by ERR()
b041ecc6 libsepol: drop duplicate newline in sepol_log_err() calls
808a43ab libsepol: drop message for uncommon error cases
cae65d9a libsepol: expand: skip invalid cat
4ba8f7c3 libsepol: validate: reject XEN policy with xperm rules
ac015a39 libsepol: validate: check low category is not bigger than high
4cf37608 libsepol: validate old style range trans classes
45a4fc77 libsepol: validate some object contexts
f5d664eb libsepol: dump non-mls validatetrans rules as such
ae5a5d0a libsepol: rename bool identifiers
893b50c6 libsepol/tests: rename bool indentifiers
61f21385 libsepol: rename struct member
e9072e7d libsepol/tests: add tests for minus self neverallow rules
4a43831f libsepol/tests: add tests for not self neverallow rules
ec78788c libsepol: Add not self support for neverallow rules

Signed-off-by: Dominick Grift
---
 package/libs/libsepol/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile index b1a34d293e..e9072d01ea 100644 --- a/package/libs/libsepol/Makefile +++ b/package/libs/libsepol/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libsepol -PKG_VERSION:=3.5 +PKG_VERSION:=3.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=78fdaf69924db780bac78546e43d9c44074bad798c2c415d0b9bb96d065ee8a2 +PKG_HASH:=0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf PKG_MAINTAINER:=Thomas Petazzoni PKG_CPE_ID:=cpe:/a:selinuxproject:libsepol
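Review bot: The new value on the +PKG_HASH line of package/libs/libsepol/Makefile has no stated origin, and nothing in the patch lets a reviewer tie it to the upstream 3.8.1 tarball. Please say in the commit message how it was obtained and checked, for example against a checksum or signature published with the release under PKG_SOURCE_URL if upstream provides one, rather than computed from a local download alone. The message would also be easier to review if the raw shortlog were preceded by a short summary of the changes that matter for OpenWrt, such as c205b924 (buffer overflow in sepol_av_to_string()) and the stricter policy validation commits (7b754f70, 7cf2bfb5), together with a note on how the bump from 3.5 was build- and run-tested.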
From patchwork Fri Mar 28 14:28:07 2025
X-Patchwork-Submitter: Dominick Grift
X-Patchwork-Id: 2066514
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: Dominick Grift
Subject: [PATCH 2/6] libselinux: update to version 3.8.1
Date: Fri, 28 Mar 2025 15:28:07 +0100
Message-ID: <20250328142811.4096141-2-dominick.grift@defensec.nl>
In-Reply-To: <20250328142811.4096141-1-dominick.grift@defensec.nl>
References: <20250328142811.4096141-1-dominick.grift@defensec.nl>

Changes since version 3.5
8e9157bb Update VERSIONs to 3.8.1 for release.
71aec30d Update VERSIONs to 3.8 for release.
45fdf23c libselinux: Close old selabel handle when setting a new one
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
2cb24a20 libselinux: set errno in failure case
c8a5aa74 libselinux/fuzz: handle inputs with trailing data
d13d13ea libselinux/fuzz: readjust load_mmap() update
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
08e0a348 libselinux: restore previous regex spec ordering
6c8f6390 libselinux/fuzz: update for lookup_all() change
9395cc03 Always build for LFS mode on 32-bit archs.
adf2e609 Update VERSIONs to 3.8-rc2 for release.
f50abe2a libselinux/utils: drop reachable assert in sefcontext_compile
2db6d12a libselinux/utils: use correct error handling
3ff5f9ef libselinux: simplify string formatting
4d436e4b libselinux: use vector instead of linked list for substitutions
89dd0b23 libselinux: avoid memory allocation in common file label lookup
742a3543 libselinux: harden availability check against user CFLAGS
856895ca libselinux: move functions out of header file
8efed460 libselinux: avoid dynamic allocation in openattr()
39174cfd libselinux: make use of calloc(3)
2dec1581 Update VERSIONs to 3.8-rc1 for release.
20175564 libselinux: support parallel selabel_lookup(3)
8997f543 libselinux: add selabel_file(5) fuzzer
daa3e6e9 libselinux: remove unused hashtab code
92306daf libselinux: rework selabel_file(5) database
90b1c237 libselinux: sidtab updates
e5fd7b07 libselinux: add unique id to sidtab entries
162d8ed0 libselinux: use more appropriate types in sidtab
44f7af06 libselinux/utils: introduce selabel_compare
f18f9e5e libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
33ac7c96 libselinux/setexecfilecon: Remove useless rc check
cecbff93 selinux: set missing errno in failure branch
48f66b6a selinux: free memory in error branch
6376f90d libselinux: avoid errno modification by fclose(3)
8e0e718b libselinux: fix swig bindings for 4.3.0
9b83fe3d libselinux: formally deprecate security_compute_user()
b4117420 libselinux: rename hashtab functions
463584cb libselinux: deprecate security_disable(3)
017d7d53 libselinux: Fix integer comparison issues when compiling for 32-bit
7974aea5 libselinux/restorecon: Include
f398662e libselinux: set free'd data to NULL
2eb286bc Release 3.7
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
f55f7648 libselinux: constify avc_open(3) parameter
a02fccf8 tree-wide: fix misc typos
2b6f639a libselinux: avoid pointer dereference before check
c8b1f592 libselinux: free empty scandir(3) result
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
f1dadd19 libselinux: constify selinux_set_mapping(3) parameter
d370cbfc libselinux/man: add format attribute for set_matchpathcon_printf(3)
c476389b libselinux/man: use void in synopses
06b326d4 libselinux/man: sync const qualifiers
9f06e045 libselinux/man: correct file extension of man pages
6e2f7033 libselinux: avoid logs in get_ordered_context_list() without policy
af543f1b libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
fb497895 libselinux/utils/selabel_digest: pass BASEONLY only for file backend
5876aca0 libselinux: free data on selabel open failure
994b9b20 libselinux/utils/selabel_digest: avoid buffer overflow
5f5edd48 libselinux/utils/selabel_digest: cleanup
c774f15a libselinux/utils/selabel_digest: drop unsupported option -d
82195e77 libselinux: use reentrant strtok_r(3)
dfe30d9d libselinux: Fix ordering of arguments to calloc
b18fddef libselinux: reorder calloc(3) arguments
454a9f24 libselinux: enable usage with pedantic UB sanitizers
ebf41685 libselinux: support huge passwd/group entries
846550d7 libselinux: use logging wrapper in getseuser(3) and get_default_context(3) family
65c8fd45 libselinux: fail selabel_open(3) on invalid option
7f925776 libselinux: align SELABEL_OPT_DIGEST usage with man page
1dd04338 libselinux/utils: improve compute_av output
1d5c3b72 libselinux/utils: free allocated resources
abd18ec3 libselinux/man: sync selinux_check_securetty_context(3)
1daa91b2 libselinux/man: mention errno for regex compilation failure
97fa708d Update VERSIONs to 3.6 for release.
5939fb96 libselinux: state setexecfilecon(3) sets errno on failure
4c8bf60f libselinux: always set errno on context translation failure
00a1cf46 libselinux: update const qualifier of parameters in man pages
89dd980c Add CPPFLAGS to Makefiles
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
f1178a13 libselinux: use DJB2a string hash function
d858afca libselinux: fix memory leak in customizable_init()
9fcf4cca libselinux: update Python binding
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
cb8289c2 libselinux: introduce reallocarray(3)
3dad44a1 libselinux: cast to unsigned char for character handling function
674470fd libselinux/utils: update getdefaultcon
6df403d5 libselinux: set errno on label lookup failure
168edd1c libselinux: free elements on read_spec_entries() failure
dcb8e1bf libselinux/utils: drop include of internal header file
c81c76cb libselinux: simplify internal selabel_validate prototype
9911f2ac libselinux: check for stream rewind failures
275daa4e libselinux: avoid unused function
25a18110 libselinux: fix logic for building android backend
0b93e30c libselinux: update string_to_mode()
e28f6a8a libselinux/utils: use correct type for backend argument
0eb989f6 libselinux: parameter simplifications
4eea9948 libselinux: avoid regex serialization truncations
f1a8afc2 libselinux/utils: use type safe union assignment
92b1e5b6 libselinux: simplify zeroing allocation
b4007663 libselinux: constify selabel_cmp(3) parameters
9c668bfd libselinux: drop unnecessary warning overrides
bfff3417 libselinux: drop obsolete optimization flag
6ec7a49c libselinux: misc label cleanup
3459dfd9 libselinux/utils: update selabel_partial_match
14f35fde Do not automatically install Russian translations
84c195e1 libselinux: Remove the Russian translations
8e6e0443 libselinux: Remove the Russian translations
8963492b checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: update my email
f189e8af libselinux,policycoreutils,python,semodule-utils: de-brand SELinux
ec35d1d8 libselinux/utils: introduce getpolicyload
d8edd363 libselinux: add check for calloc in check_booleans
d596efb4 libselinux: Add examples to man pages
2c7b71db libselinux: performance optimization for duplicate detection
4a420508 libselinux: adapting hashtab to libselinux
d95bc8b7 libselinux: migrating hashtab from policycoreutils
c9b3cbb6 libselinux: set CFLAGS for pip installation

Signed-off-by: Dominick Grift
---
 package/libs/libselinux/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libs/libselinux/Makefile b/package/libs/libselinux/Makefile index f90d4993c8..9f65f5bf65 100644 --- a/package/libs/libselinux/Makefile +++ b/package/libs/libselinux/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libselinux -PKG_VERSION:=3.5 +PKG_VERSION:=3.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19 +PKG_HASH:=ec2d2789f931152d21c1db1eb4bc202ce4eccede34d9be9e360e3b45243cee2c PKG_LICENSE:=libselinux-1.0 PKG_LICENSE_FILES:=LICENSE
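Review bot: Only the PKG_VERSION and PKG_HASH lines change in package/libs/libselinux/Makefile, yet the shortlog lists changes that touch how the library builds: 9395cc03 (always build for LFS mode on 32-bit archs), 742a3543 (availability check hardened against user CFLAGS), 017d7d53 (integer comparison issues on 32-bit) and c9b3cbb6 (CFLAGS for pip installation). Please confirm in the commit message that the package's existing build flags, and any local patches the package carries, still apply unchanged, and that the result was built for at least one 32-bit target. The shortlog also records behaviour changes that callers can observe, such as 65c8fd45 (selabel_open(3) now fails on an invalid option) and the deprecations in 9b83fe3d and 463584cb, so it is worth stating whether dependent packages were rebuilt against 3.8.1.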
Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=eWy1oZRw8DIpXjsDWVZ/qW5EYijL/3m/yc/+3CXmaGw=; b=NWNdb2z+tKLuAi I6UScsIcGJL/oCru7tkOUlnh1LsS8TcOTWKsBy5qOKCqyHzBDW2BkmgB7Y62dQbiouKAJE0+JgNdi jTKM8q/ZzL/0jIxwjhzjtV5Jkejbamo8BWiHfncYedq4QmkDoXBSkg5+NZp9IKxSamDPHPRGMVBJ/ nbR2fILvJGKa4tg9ElUoGisGYLljkH0n39LD5X8/bAzeAhr4xozpkQvH4YDOMypRCoeUOMaopqqZ3 y222FrO+MeRwFU3nrmnUL7G7N/pCJ58yOwd23p90J+yiO9PAwummou3NW0WsyuFgfDrzbbkprOSQP VYPK5bNVTKhpzSo93n8w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.1 #2 (Red Hat Linux)) id 1tyB99-0000000Dfm6-0rl4; Fri, 28 Mar 2025 14:57:23 +0000 Received: from markus.defensec.nl ([2a10:3781:2099::123]) by bombadil.infradead.org with esmtps (Exim 4.98.1 #2 (Red Hat Linux)) id 1tyAhD-0000000DbB3-3hAI for openwrt-devel@lists.openwrt.org; Fri, 28 Mar 2025 14:28:34 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=defensec.nl; s=default; t=1743172095; bh=mL+YFy1YBe1OENjc6ffiYgQ2E9ILylizVHidTcQf7gg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dn8S/wxbOOrcuULSMKz4kXzIM4Dp5laLQEJ/BmO3wcZwJP+K0tV+iA+iCVMhT+nk2 LwxRfmOatFIq4pgE6D0g+j06clZ59zMg2OUFZ8U4eG/wYg6dtSznqBWH2JaRtK+NDD o5nO6f7hbY91AWvWFgCQfZ1ytRS6WURpbXpLid5U= Received: from template-20250210123507.. (nimbus.lan [IPv6:2a10:3781:2099::514]) by markus.defensec.nl (Postfix) with ESMTPSA id 71C0E160DA8; Fri, 28 Mar 2025 15:28:15 +0100 (CET) 
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: Dominick Grift
Subject: [PATCH 3/6] libsemanage: update to version 3.8.1
Date: Fri, 28 Mar 2025 15:28:08 +0100
Message-ID: <20250328142811.4096141-3-dominick.grift@defensec.nl>
In-Reply-To: <20250328142811.4096141-1-dominick.grift@defensec.nl>
References: <20250328142811.4096141-1-dominick.grift@defensec.nl>

Changes since version 3.5

8e9157bb Update VERSIONs to 3.8.1 for release.
ec960f9b libsemanage: improve performance of semanage store rebuild
71aec30d Update VERSIONs to 3.8 for release.
9d107ab7 libsemanage: Set new restorecon handle before doing restorecon
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
53078bb5 libsemanage: Mute error messages from selinux_restorecon
adf2e609 Update VERSIONs to 3.8-rc2 for release.
2dec1581 Update VERSIONs to 3.8-rc1 for release.
4d30739d libsemanage: respect shell paths with /usr prefix
84220326 libsemanage/man: add documentation for command overrides
66da657a libsemanage: optimize policy by default
d3a5ae39 libsemanage: simplify file deletion
2cc2d1ed libsemanage: check closing written files
ba766fac libsemanage: drop duplicate newlines and error descriptions in error messages
dcd755ab libsemanage: handle shell allocation failure
419a76e6 libsemanage: handle cil_set_handle_unknown() failure
f1eb41d1 libsemanage: set O_CLOEXEC flag for file descriptors
0bafe764 libsemanage/tests: misc cleanup
6d55e802 libsemanage: skip sort of empty arrays
bd2fd2cd libsemanage: avoid writing directly to stderr
b592a3f6 libsemanage: avoid strerror(3)
b56d9155 libsemanage: preserve errno during internal logging
9e0fead1 libsemanage: drop dead code
d67c75c9 libsemanage: drop macros used once
da0c99fa libsemanage: use size_t for hash input sizes
c16e2cda libsemanage: use asprintf(3) to simplify code
d57fbb1b libsemanage: adjust sizes to avoid implicit truncations
cb54b1d3 libsemanage: avoid misc function pointer casts
198e43a8 libsemanage: constify read only parameters and variables
c23fdfa0 libsemanage: simplify loop exit
f8362ae3 libsemanage: constify function pointer structures
df5c930a libsemanage: more strict value parsing
76cdfa78 libsemanage: introduce write_full wrapper
50f3cfd2 libsemanage: check for path formatting failures
c6ecb896 libsemanage: simplify malloc plus strcpy via strndup
61856379 libsemanage: free ibdev names in semanage_ibendport_validate_local()
9554f448 libsemanage: use strtok_r for thread safety
73f958b0 libsemanage: avoid leak on realloc failure
44f13239 libsemanage: fix asprintf error branch
14a9d19a libsemanage: drop casts to same type
64773bda libsemanage: cast to unsigned char for character checking functions
6d300cae libsemanage: avoid const dropping casts
2ef9f2ef libsemanage: declare file local function tables static
e6d03452 libsemanage: free resources on failed connect attempt
853c0d47 libsemanage: use unlink on non directory
7a35e57c libsemanage: check memory allocations
e0161310 libsemanage: drop const from function declaration
b0b3eccf libsemanage: drop duplicate include
81f92c1a libsemanage: drop unnecessary return statements
1774594b libsemanage: drop unnecessary declarations
6166d2ee libsemanage: drop dead variable
81860377 libsemanage: drop dead assignments
d804f883 libsemanage: drop unused macro
a587ed31 libsemanage: fix typo
5969e99b libsemanage: white space cleanup
267d4f9b libsemanage: open lock_file with O_RDWR
4b5abdcd libsemanage: Optionally allow duplicate declarations
9b4eff92 libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
c76b2738 libsemanage: check for rewind(3) failure
e38815d7 libsemanage: fix swig bindings for 4.3.0
d96f27bf libsemanage: Preserve file context and ownership in policy store
2eb286bc Release 3.7
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
a1fa1c8a libsemanage: support huge passwd entries
97fa708d Update VERSIONs to 3.6 for release.
89dd980c Add CPPFLAGS to Makefiles
2a46979e libsemanage: fix src/genhomedircon.c build on `gcc-14` (`-Werror=alloc-size`)
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
14f35fde Do not automatically install Russian translations
1303a6af libsemanage: Remove the Russian translations
8e3a5328 libsemanage/tests: use strict prototypes
3be312e0 libsemanage: fix memory leak in semanage_user_roles
b5dffcd9 libsemanage/tests: rename bool identifiers
a171ba62 libsemanage: include more parameters in the module checksum

Signed-off-by: Dominick Grift
--- package/libs/libsemanage/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libs/libsemanage/Makefile b/package/libs/libsemanage/Makefile index 9ebf9a6f21..4811af508b 100644 --- a/package/libs/libsemanage/Makefile
+++ b/package/libs/libsemanage/Makefile 
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libsemanage -PKG_VERSION:=3.5 +PKG_VERSION:=3.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=f53534e50247538280ed0d76c6ce81d8fb3939bd64cadb89da10dba42e40dd9c +PKG_HASH:=7b39127b219cc70bfd935a4af6b0f2ba83d4b35c916f253c7e942c23ab490f07 PKG_MAINTAINER:=Thomas Petazzoni PKG_LICENSE:=LGPL-2.1 PKG_LICENSE_FILES:=COPYING From patchwork Fri Mar 28 14:28:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 2066510 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=AoUprtvX; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=r9t4jLKk; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4ZPNvb6zHtz1yGC for ; Sat, 29 Mar 2025 01:58:50 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: 
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: Dominick Grift
Subject: [PATCH 4/6] policycoreutils: update to version 3.8.1
Date: Fri, 28 Mar 2025 15:28:09 +0100
Message-ID: <20250328142811.4096141-4-dominick.grift@defensec.nl>
In-Reply-To: <20250328142811.4096141-1-dominick.grift@defensec.nl>
References: <20250328142811.4096141-1-dominick.grift@defensec.nl>

Changes since version 3.5

8e9157bb Update VERSIONs to 3.8.1 for release.
71aec30d Update VERSIONs to 3.8 for release.
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
adf2e609 Update VERSIONs to 3.8-rc2 for release.
2dec1581 Update VERSIONs to 3.8-rc1 for release.
cd8d6c7f fixfiles: use `grep -F` when search in mounts
0faf3433 policycoreutils: introduce unsetfiles
2eb286bc Release 3.7
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
fd080199 fixfiles: drop unnecessary \ line endings
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
fc2e9318 setfiles: avoid unsigned integer underflow
97fa708d Update VERSIONs to 3.6 for release.
89dd980c Add CPPFLAGS to Makefiles
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
3089f1f2 newrole: use DJB2a string hash function
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
489197c4 Update translations
df7d19ce setfiles: do not issue AUDIT_FS_RELABEL on dry run
14f35fde Do not automatically install Russian translations
5c3312e0 policycoreutils: Remove the Russian translations
8963492b checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: update my email
f189e8af libselinux,policycoreutils,python,semodule-utils: de-brand SELinux
c5581864 setsebool: drop unnecessary linking against libsepol
4c6a339e setsebool: improve bash-completion script
e867c95b policycoreutils: Add examples to man pages

Signed-off-by: Dominick Grift
--- package/utils/policycoreutils/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/utils/policycoreutils/Makefile b/package/utils/policycoreutils/Makefile index f5027c5ece..4d79830474 100644 --- a/package/utils/policycoreutils/Makefile +++ b/package/utils/policycoreutils/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=policycoreutils -PKG_VERSION:=3.5 +PKG_VERSION:=3.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=78453e1529fbbf800e88860094d555e781ce1fba11a7ef77b5aabb43e1173276 +PKG_HASH:=eef23196b501d141cb95f5fc52ef1a7289f459b65e4415ea0fe9aeedc5d80ef2 PKG_INSTALL:=1 HOST_BUILD_DEPENDS:=libsemanage/host gettext-full/host PKG_BUILD_DEPENDS:=BUSYBOX_CONFIG_PAM:libpam gettext-full/host From patchwork Fri Mar 28 14:28:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 2066512 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=34qD5vdG; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=a7/PL4lB; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4ZPNvc0v56z1yHP for ; Sat, 29 Mar 2025 01:58:50 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; 
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: Dominick Grift
Subject: [PATCH 5/6] secilc: update to version 3.8.1
Date: Fri, 28 Mar 2025 15:28:10 +0100
Message-ID: <20250328142811.4096141-5-dominick.grift@defensec.nl>
In-Reply-To: <20250328142811.4096141-1-dominick.grift@defensec.nl>
References: <20250328142811.4096141-1-dominick.grift@defensec.nl>

Changes since version 3.5

8e9157bb Update VERSIONs to 3.8.1 for release.
71aec30d Update VERSIONs to 3.8 for release.
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
adf2e609 Update VERSIONs to 3.8-rc2 for release.
2dec1581 Update VERSIONs to 3.8-rc1 for release.
1fd41f48 libsepol/cil: add support for xperms in conditional policies
2eb286bc Release 3.7
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
a02fccf8 tree-wide: fix misc typos
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
97fa708d Update VERSIONs to 3.6 for release.
89dd980c Add CPPFLAGS to Makefiles
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
e9fb71f0 secilc/docs: Fix and update the documentation for macro parameters
56dee923 secilc/docs: Update syntax for IP addresses and nodecon
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
e533a456 secilc/docs: fixes filecon example
bb5a8541 secilc: Use versioned DocBook public identifier.
17c2247f secilc/docs: Add deny rule to CIL documentation
cc02a5f5 secilc/test: Add deny rule tests
409b4d3b secilc/secil2tree: Add option to write CIL AST after post processing
0e88ee26 secilc/test: Add notself and other tests
ed8f4a95 secilc/docs: Add notself and other keywords to CIL documentation
04613f68 secilc: add check for malloc in secilc

Signed-off-by: Dominick Grift
--- package/utils/secilc/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/utils/secilc/Makefile b/package/utils/secilc/Makefile index 10547cfa23..0cb808b2e1 100644 --- a/package/utils/secilc/Makefile +++ b/package/utils/secilc/Makefile
@@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=secilc -PKG_VERSION:=3.5 +PKG_VERSION:=3.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=3eebc5a1f97847fa530cf90654b9f3b8f21a13c9ea3d07495325651580cd3373 +PKG_HASH:=3db2974dd9a3c8403ada0392deff267b0398a74b4e7a0b051af76457270848d1 HOST_BUILD_DEPENDS:=libsepol/host PKG_MAINTAINER:=Dominick Grift From patchwork Fri Mar 28 14:28:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dominick Grift X-Patchwork-Id: 2066511 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=ng0k2jSh; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256 header.s=default header.b=CSwzHlQZ; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4ZPNvc2zLsz1yHR for ; Sat, 29 Mar 2025 01:58:52 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: 
From: Dominick Grift
To: openwrt-devel@lists.openwrt.org
Cc: Dominick Grift
Subject: [PATCH 6/6] checkpolicy: update to version 3.8.1
Date: Fri, 28 Mar 2025 15:28:11 +0100
Message-ID: <20250328142811.4096141-6-dominick.grift@defensec.nl>
In-Reply-To: <20250328142811.4096141-1-dominick.grift@defensec.nl>
References: <20250328142811.4096141-1-dominick.grift@defensec.nl>

Changes since version 3.5

8e9157bb Update VERSIONs to 3.8.1 for release.
71aec30d Update VERSIONs to 3.8 for release.
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
4c246013 checkpolicy: clear queue between parser passes
fdb70902 checkpolicy: do not consume unmatched identifiers
21cbacb6 checkpolicy: remove unneeded queue_head()
158fb95e checkpolicy: check identifier before copying
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
adf2e609 Update VERSIONs to 3.8-rc2 for release.
42d653aa checkpolicy: drop host bits in IPv6 CIDR address
2dec1581 Update VERSIONs to 3.8-rc1 for release.
32c24c24 checkpolicy: add support for xperms in conditional policies
77747a36 checkpolicy: avoid leak of identifier on required attribute
beca1ee1 checkpolicy: avoid memory leaks on redeclarations
6f2b689f checkpolicy: Fix MLS users in optional blocks
e7bbd67b checkpolicy/fuzz: fix setjmp condition
ba7945a2 libsepol: Support nlmsg extended permissions
5421320d libsepol: Rename ioctl xperms structures and functions
84a33fb9 checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix
2eb286bc Release 3.7
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
5f822d33 checkpolicy: reject duplicate nodecon statements
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
804e52b7 checkpolicy: support CIDR notation for nodecon statements
44533801 checkpolicy: perform contiguous check in host byte order
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
82d99136 checkpolicy: drop global policyvers variable
505d1b4c checkpolicy: declare file local variable static
f4ffda66 checkpolicy/tests: add test for splitting xperm rule
652e2883 checkpolicy: free complete role_allow_rule on error
04303b5b checkpolicy: drop union stack_item_u
08e55dff checkpolicy: drop never read member
f07fc2a7 checkpolicy/fuzz: override YY_FATAL_ERROR
0ffe9747 checkpolicy: include for isprint(3)
a39e474f checkpolicy: update error diagnostic
9f2f9e28 checkpolicy: free identifiers on invalid typebounds
39b3cc51 checkpolicy: handle unprintable token
ca77c592 checkpolicy: use YYerror only when available
f3b67a84 checkpolicy/fuzz: scan Xen policies
f4330d57 checkpolicy: return YYerror on invalid character
0e1e30db checkpolicy: clone level only once
b106fad2 checkpolicy/fuzz: drop redundant notdefined check
8c9d2d65 checkpolicy/fuzz: Update check_level() to use notdefined field
fe16f586 checkpolicy, libsepol: Fix potential double free of mls_level_t
3dc11169 checkpolicy: misc policy_define.c cleanup
22f7bb8c checkpolicy: avoid assigning garbage values
63207ce8 checkpolicy: free temporary bounds type
4e407ba3 checkpolicy: provide more descriptive error messages
8ad3ce72 checkpolicy: bail out on invalid role
52f187cb checkpolicy: call YYABORT on parse errors
187e7584 checkpolicy: clean expression on error
770ad3ec checkpolicy: check allocation and free memory on error at type definition
8b115c45 checkpolicy: free ebitmap on error
b75bf48b checkpolicy: cleanup identifiers on error
c2fc48be checkpolicy: cleanup resources on parse error
595c4163 checkpolicy: add libfuzz based fuzzer
90db06c5 libsepol: Use a dynamic buffer in sepol_av_to_string()
97fa708d Update VERSIONs to 3.6 for release.
4d33c675 checkpolicy/dispol: misc updates
89dd980c Add CPPFLAGS to Makefiles
58a444fb checkpolicy/dismod: avoid duplicate initialization and fix module linking
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
fdb536f3 libsepol: avoid fixed sized format buffer for xperms
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
2b9f21ef checkpolicy: add round-trip tests
e6093911 checkpolicy: Remove support for role dominance rules
14f35fde Do not automatically install Russian translations
b7e39e50 checkpolicy: Remove the Russian translations
8963492b checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: update my email
40674f48 Revert "checkpolicy,libsepol: move transition to separate structure in avtab"
6776946d Revert "checkpolicy,libsepol: move filename transitions to avtab"
6e6444a0 Revert "checkpolicy,libsepol: move filename transition rules to avrule"
748614b7 Revert "checkpolicy,libsepol: add prefix/suffix support to kernel policy"
311dc446 Revert "checkpolicy,libsepol: add prefix/suffix support to module policy"
c39ebd07 checkpolicy,libsepol: add prefix/suffix support to module policy
1174483d checkpolicy,libsepol: add prefix/suffix support to kernel policy
565d8748 checkpolicy,libsepol: move filename transition rules to avrule
e169fe26 checkpolicy,libsepol: move filename transitions to avtab
de708edf checkpolicy,libsepol: move transition to separate structure in avtab
b3788b9c
dismod, dispol: reduce the messages in batch mode 6e077ba7 dismod: print the policy version only in interactive mode 4c069224 checkpolicy/dismod: misc improvements b87724cb checkpolicy: add option to skip checking neverallow rules 666a7dfd dispol: add --actions option for non-interactive use f8a076f1 dispol: handle EOF in user interaction eeb0a751 dispol: delete an unnecessary empty line f78eea5a dispol: add --help option 966de0c8 checkpolicy: Add examples to man pages df0b1929 dismod: add --actions option for non-interactive use d1a9cddf dismod: handle EOF in user interaction 5b1a2f1d dismod: delete an unnecessary empty line 5045368d dismod: add --help option 00728e12 checkpolicy: only set declared permission bits for wildcards c646f390 checkpolicy: reject condition with bool and tunable in expression 2d5f97b8 checkpolicy: drop unused token CLONE b7b32cf4 checkpolicy/dispol: add output functions d213d80f checkpolicy: rename bool identifiers 513fc157 checkpolicy: update cond_expr_t struct member name 6f7b0ee6 checkpolicy: add not-self neverallow support Signed-off-by: Dominick Grift --- package/utils/checkpolicy/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/utils/checkpolicy/Makefile b/package/utils/checkpolicy/Makefile index 4ebf97bb3f..179127bf1a 100644 --- a/package/utils/checkpolicy/Makefile +++ b/package/utils/checkpolicy/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=checkpolicy -PKG_VERSION:=3.5 +PKG_VERSION:=3.8.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION) -PKG_HASH:=7aa48ab2222a0b9881111d6d7f70c3014d3d9338827d9e02df105a68c0df5dbc +PKG_HASH:=7b477c516e2693d8b6c511386323177f1d7db51c2e04eb6d0de8ca2b36120e5d PKG_INSTALL:=1 PKG_BUILD_DEPENDS:=libselinux HOST_BUILD_DEPENDS:=libselinux/host
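Review bot: the new PKG_HASH in the libselinux hunk is the only integrity pin on the tarball fetched from PKG_SOURCE_URL, and nothing in the patch lets a reader confirm it. Please state in the commit message how the digest was obtained, and a reviewer should recompute the SHA-256 from an independently downloaded copy of libselinux-3.8.1.tar.gz before applying. The same check applies to the PKG_HASH line in each of the other hunks in this series.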
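Review bot: the libsemanage hunk changes only PKG_VERSION and PKG_HASH, yet the changelog it pulls in includes default-behaviour changes such as "66da657a libsemanage: optimize policy by default" and "4d30739d libsemanage: respect shell paths with /usr prefix". Please note in the commit message whether a policy store rebuild was run-tested on a target with 3.8.1, since those defaults now take effect without any Makefile or configuration change being visible in review.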
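Review bot: in the policycoreutils hunk the diffstat shows 2 insertions and 2 deletions, so the package's install rules are untouched, while the changelog lists "0faf3433 policycoreutils: introduce unsetfiles". Please say whether the new unsetfiles tool is intentionally left out of the package, or extend the install section in this patch so the built binary is not silently dropped.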
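Review bot: the secilc hunk keeps HOST_BUILD_DEPENDS:=libsepol/host and the changelog depends on a libsepol change ("1fd41f48 libsepol/cil: add support for xperms in conditional policies"), so secilc 3.8.1 should only be built against libsepol from the same release. Please confirm the libsepol bump is applied earlier in the series than this patch, so that every intermediate commit still builds when bisecting.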
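Review bot: the checkpolicy hunk bumps straight from 3.5 to 3.8.1, and the changelog includes language-level removals and stricter parsing ("e6093911 checkpolicy: Remove support for role dominance rules", "5f822d33 checkpolicy: reject duplicate nodecon statements"). Please confirm in the commit message that the policy sources shipped for OpenWrt still compile with this version, because a policy that no longer builds would surface only at image build time, not in this Makefile diff.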