[PATCH 1/8] libsepol: update to version 3.4

Dominick Grift dominick.grift at defensec.nl
Thu May 19 11:54:13 PDT 2022


0a8c177d Update VERSIONs to 3.4 for release.
9e096e6e libsepol,checkpolicy: add support for self keyword in type transitions
539b0660 libsepol/cil: add support for self keyword in type transitions
9df28c24 Update VERSIONs to 3.4-rc3 for release.
2a167d11 Update VERSIONs to 3.4-rc2 for release.
8c115936 libsepol/cil: comment out unused function __cil_verify_rule
80137479 libsepol/tests: adjust IPv6 netmasks
c74df1cd libsepol/tests: Declare file local functions as static
4a77a5ba libsepol/tests: Include paired headers for prototypes
02f330c9 libsepol/tests Include policydb.h header for policydb_t declaration
9d57ab6c libsepol: drop unnecessary const discarding casts
68a29c3a libsepol: check correct pointer for oom
6bc29805 libsepol/cil: declare file local function pointer static
20187dbf libsepol: Replace calls to mallocarray() with calls to calloc()
fed78faa libsepol: add policy utilities
fbba2393 libsepol: export functions for policy analysis
3ae07ec3 libsepol: introduce sepol_const_security_context_t typedef
f0e085f6 libsepol: add sepol_av_perm_to_string
73562de8 Update VERSIONs to 3.4-rc1 for release.
f5a764d9 libsepol/cil: post process pirqcon rules
cf7f7aaf libsepol/cil: drop unused function cil_tree_error
6bfd1be2 libsepol/cil: declare file local functions static
c640af42 libsepol: mark immutable common helper parameter const
63599466 libsepol: mark immutable mls and context parameter const
0233e4f6 libsepol: add missing oom checks
5d3c4430 libsepol/cil: silence GCC 12 array-bounds false positive
c3f0124b libsepol: Validate conditional expressions
dfc652f0 libsepol: Use calloc when initializing bool_val_to_struct array
5456002f libsepol/cil: Write a message when a log message is truncated
29e610f9 libsepol: Don't write out constraint if it has no permissions
1f15c628 libsepol/cil: Don't add constraint if there are no permissions
0d84ebcb libsepol: Shorten the policy capability enum names
672d8c2c libsepol: validate boolean datum arrays
93ff4ce5 libsepol: reject xperm av rules in conditional statements
5b6e6254 libsepol: Do a more thorough validation of constraints
cc1bd5e8 libsepol: fix reallocarray imports
2d35696d libsepol: NULL pointer offset fix
71bcdcc9 libsepol: Add 'ioctl_skip_cloexec' policy capability
c900816e libsepol: Populate and use policy name
bc26ddc5 libsepol/cil: Limit the amount of reporting for context rule conflicts
c964fe14 libsepol/cil: Limit the neverallow violations reported
3c45d91c libsepol/cil: Provide more control over reporting bounds failures
3ffb84ec libsepol/cil: Add cil_get_log_level() function
71291385 libsepol: Fix two problems with neverallowxperm reporting
931380ca libsepol: Set args avtab pointer when reporting assertion violations
fb3a383f libsepol: The src and tgt must be the same if neverallow uses self
46106724 libsepol: Make return value clearer when reporting neverallowx errors
88c79c68 libsepol: Refactor match_any_class_permissions() to be clearer
3b71e516 libsepol: Make use of previously created ebitmap when checking self
cfdf4ec2 libsepol: Move assigning outer loop index out of inner loop
8f643827 libsepol: Remove unnessesary check for matching class
68d32d2c libsepol: Use (rc < 0) instead of (rc) when calling ebitmap functions
7312d3c6 libsepol: Create function check_assertion_self_match() and use it
d4456cb4 libsepol: Move check of target types to before check for self
a9d56880 libsepol: Use consistent return checking style
18e1ae11 libsepol: Check for error from check_assertion_extended_permissions()
a700e426 libsepol: Remove uneeded error messages in assertion checking
c2af8933 libsepol: Change label in check_assertion_avtab_match()
521e6ad7 libsepol: Return an error if check_assertion() returns an error.
ff25475c libsepol: validate several flags
9bee80da libsepol: more strict constraint validation
496002e7 libsepol: use correct error type to please UBSAN
86cdb9f1 libsepol/cil: Ensure that the class in a classcommon is a kernel class
f0823bbb libsepol/cil: Do not resolve names to declarations in abstract blocks
6d783e5b libsepol/cil: Mark as abstract all sub-blocks of an abstract block
e6429963 libsepol/cil: Do not copy blockabstracts when inheriting a block
58443a00 libsepol: do not add gaps to string list
73850041 libsepol: invert only valid range of role bitmap
42a8dc46 libsepol: handle type gaps
b8cba274 libsepol: drop trailing newlines in log messages
f52f5e27 libsepol: return failure on saturated class name length
c3d52a6a libsepol: check for saturated class name length
ad2ff8a8 ci: run the tests under ASan/UBsan on GHActions
b78560fd libsepol: check for valid sensitivity before lookup
b2ba721e libsepol/cil: bail out on snprintf failure
5e6e516e libsepol: validate class default targets
24618ad3 libsepol: validate fsuse types
8a7215c6 libsepol: validate categories
80b94415 libsepol: validate policy properties
2c4da50a libsepol: validate permissive types
88e280a1 libsepol: validate genfs contexts
86281337 libsepol: validate ocontexts
5f816232 libsepol: validate type of avtab type rules
8c59d614 libsepol: validate constraint expression operators and attributes
312eac1c libsepol: validate avtab and avrule types
ba6d8225 libsepol: resolve log message mismatch
e39cf0a1 libsepol: validate permission count of classes
fffb1609 libsepol: validate expanded user range and level
8fdb3eb2 libsepol: validate MLS levels
e2e60d9b libsepol: split validation of datum array gaps and entries
691e6aff libsepol: do not create a string list with initial size zero
35ef9b95 libsepol: use correct size for initial string list
73154020 libsepol: do not crash on user gaps
b76eda52 libsepol: do not crash on class gaps
c12b7d90 libsepol: do not underflow on short format arguments
47c3d96e libsepol: use size_t for indexes in strs helpers
8565e2c5 libsepol: zero member before potential dereference
1b4979c5 libsepol: reject invalid filetrans source type
8750fb68 libsepol: reject abnormal huge sid ids
f571438a libsepol: clean memory on conditional insertion failure
2331dcaf libsepol: enforce avtab item limit
97af65f6 libsepol: add checks for read sizes
f0a5f6e3 libsepol: use reallocarray wrapper to avoid overflows
18303c85 libsepol: use mallocarray wrapper to avoid overflows
852f14d4 libsepol: use logging framework in ebitmap.c
5c178f9f libsepol: use logging framework in conditional.c
51394330 libsepol/fuzz: limit element sizes for fuzzing
82438341 libsepol: add libfuzz based fuzzer for reading binary policies
e0ba1168 libsepol/fuzz: silence secilc-fuzzer
413518a6 libsepol/cil: support IPv4/IPv6 address embedding
a46ade3f libsepol: Write out genfscon file type when writing out CIL policy
3677af8f libsepol/cil: Allow optional file type in genfscon rules
c9ed5521 libsepol/cil: Refactor filecon file type handling
55e67489 libsepol: Add support for file types in writing out policy.conf
c42dcf58 libsepol: use string literals as format strings
f95dbf2c libsepol: avoid passing NULL pointer to memcpy
b98d3c4c libsepol: do not pass NULL to memcpy

Signed-off-by: Dominick Grift <dominick.grift at defensec.nl>
---
 package/libs/libsepol/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile
index 87f1ccd917..39f646b7c0 100644
--- a/package/libs/libsepol/Makefile
+++ b/package/libs/libsepol/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libsepol
-PKG_VERSION:=3.3
+PKG_VERSION:=3.4
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=2d97df3eb8466169b389c3660acbb90c54200ac96e452eca9f41a9639f4f238b
+PKG_HASH:=fc277ac5b52d59d2cd81eec8b1cccd450301d8b54d9dd48a993aea0577cf0336
 
 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni at bootlin.com>
 
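Review bot: The new PKG_HASH value on the `+PKG_HASH:=` line is the only integrity pin for the tarball fetched from PKG_SOURCE_URL, and the commit message lists the upstream commits but does not say how the hash was obtained. Please state in the commit message that it was computed from the 3.4 release tarball at that URL and compared against an independent source, so the pin is not just the digest of whatever one download returned. Leaving PKG_RELEASE at 1 is correct for a version bump.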
-- 
2.36.1



