[PATCH 1/6] libsepol: update to version 3.8.1

Dominick Grift dominick.grift at defensec.nl
Fri Mar 28 07:28:06 PDT 2025


Changes since version 3.5

8e9157bb Update VERSIONs to 3.8.1 for release.
71aec30d Update VERSIONs to 3.8 for release.
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
8bbb51c9 libsepol: fix typos
4dd442f9 libsepol/cil: free nlmsg hashtable on error
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
b234b710 libsepol: add missing word separators in error message
adf2e609 Update VERSIONs to 3.8-rc2 for release.
c28d9203 libsepol: avoid unnecessary memset(3) calls in hashtab
d49a3ecb libsepol: harden availability check against user CFLAGS
2dec1581 Update VERSIONs to 3.8-rc1 for release.
77da320e libsepol/tests: add cond xperm neverallow tests
c8f9dff3 libsepol: indent printed allow rule on assertion failure
1fd41f48 libsepol/cil: add support for xperms in conditional policies
438b16d1 libsepol: add support for xperms in conditional policies
18eb531b libsepol: misc assertion cleanup
be11f48b libsepol: Remove special handling of roles in module_to_cil.c
7492632a libsepol/cil: Optionally allow duplicate role declarations
b33da68f libsepol: Support nlmsg xperms in assertions
cd8302f0 libsepol: Initialize "strs" on declaration
00fb52ce libsepol/cil/cil_post: Initialize tmp on declaration
575d1cfa libsepol/mls: Do not destroy context on memory error
0dac9813 libsepol/cil: Initialize avtab_datum on declaration
9c7c6e15 libsepol: Add policy capability netlink_xperm
ba7945a2 libsepol: Support nlmsg extended permissions
0190a658 libsepol/cil: Allow dotted names in aliasactual rules
6b5626fd libsepol/cil: Check that sym_index is within bounds
1f080ffd libsepol/sepol_compute_sid: Do not destroy uninitialized context
2eb286bc Release 3.7
589e2dba libsepol: check scope permissions refer to valid class
1efc1214 libsepol: Do not reject all type rules in conditionals when validating
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
c9ed9ea6 libsepol: contify function pointer arrays
a02fccf8 tree-wide: fix misc typos
8c1110d1 libsepol: validate attribute-type maps
d034a3e6 libsepol: rework permission enabled check
52e5c306 libsepol: move unchanged data out of loop
a3332e57 libsepol: hashtab: save one comparison on hit
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
d506c0b1 libsepol: include prefix for module policy versions
b77d851f libsepol: validate type-attribute-map for old policies
fc3de95d libsepol: only exempt gaps checking for kernel policies
1c91bc84 libsepol: reject self flag in type rules in old policies
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
1f173f8e libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
d3d975ae libsepol: validate class permissions
fa3a1bca libsepol: improve policy lookup failure message
e81a05a5 libsepol: constify function pointer arrays
8c64e5bb libsepol: validate access vector permissions
c071aa2e libsepol/cil: Check common perms when verifiying "all"
af543f1b libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
6f7ddf27 libsepol: reject MLS support in pre-MLS policies
c205b924 libsepol: Fix buffer overflow when using sepol_av_to_string()
fe16f586 checkpolicy, libsepol: Fix potential double free of mls_level_t
162a0884 libsepol/cil: ensure transitivity in compare functions
b52e27ae libsepol: ensure transitivity in compare functions
fbd6c0f0 libsepol: use typedef
90db06c5 libsepol: Use a dynamic buffer in sepol_av_to_string()
3e3661f6 libsepol/src/Makefile: fix reallocarray detection
a0ff05ef libsepol: reorder calloc(3) arguments
97fa708d Update VERSIONs to 3.6 for release.
e54bedce libsepol: validate empty common classes in scope indices
d0b1400a libsepol: extended permission formatting cleanup
a55cd374 libsepol: avoid integer overflow in add_i_to_a()
22d3609b libsepol: constify tokenized input
2752043d libsepol/cil: Clear AST node after destroying bad filecon rule
89dd980c Add CPPFLAGS to Makefiles
139afe58 libsepol: simplify string formatting
4724538b libsepol: reject linking modules with no avrules
00cfecf6 libsepol/fuzz: handle empty and non kernel policies
68c3a999 libsepol: reject invalid class datums
4f1435dd libsepol: use correct type to avoid truncations
14f76201 libsepol: validate conditional type rules have a simple default type
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
fdb536f3 libsepol: avoid fixed sized format buffer for xperms
285d7cc8 libsepol: avoid fixed sized format buffer for xperms
d3c2992e libsepol: add check for category value before printing
903e8cf2 libsepol/cil: Do not allow classpermissionset to use anonymous classpermission
9b7d560a libsepol/cil: Give warning for name that has different flavor
18657ad1 libsepol/cil: Add pointers to datums to improve writing out AST
fb0a4ce1 libsepol/cil: Allow paths in filecon rules to be passed as arguments
9e1a8ee3 libsepol/cil: Refactor Named Type Transition Filename Creation
dc676ab1 libsepol/cil: Allow IP address and mask values to be directly written
557cda59 libsepol/cil: Refactor and improve handling of order rules
19656bea libsepol/cil: Use struct cil_db * instead of void *
0dd926f4 libsepol/tests: Update the order of neverallow test results
08be6357 libsepol/cil: use DJB2a string hash function
d03d506a libsepol: use DJB2a string hash function
26cec7ca libsepol: include length squared in hashtab_hash_eval()
4f6a3abc libsepol: validate common classes have at least one permissions
b8f52459 libsepol: update policy capabilities array
541aab88 libsepol: avoid memory corruption on realloc failure
5e425b41 libsepol: avoid leak in OOM branch
27fe2b29 libsepol: set number of target names
cf6ddded libsepol: validate the identifier for initials SID is valid
bd1b7848 libsepol: enhance saturation check
44375cb4 libsepol: adjust type for saturation check
84a5457f libsepol: use str_read() where appropriate
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
7cf2bfb5 libsepol: reject unsupported policy capabilities
7b754f70 libsepol: more strict validation
80eb2192 libsepol: validate constraint depth
4670a630 libsepol: validate default type of transition is not an attribute
f9fd2500 libsepol: avtab: check read counts for saturation
b1b3467a libsepol: reject avtab entries with invalid specifier
01da3a9c libsepol: Fix the version number for the latest exported function
5d5a871c libsepol: Export the cil_write_post_ast function
2fe8a495 libsepol/cil: Add cil_write_post_ast function
b0ed365e libsepol/cil: Process deny rules
9d5ca92b libsepol/cil: Add cil_tree_node_remove function
085e3300 libsepol/cil: Add cil_list_is_empty macro
34725469 libsepol/cil: Parse and add deny rule to AST, but do not process
1936a23a libsepol: Use ERR() instead of log_err()
902f0f94 libsepol: update CIL generation for trivial not-self rules
e55621c0 libsepol/cil: Add notself and other support to CIL
2b3dd2c7 libsepol/cil: Do not call ebitmap_init twice for an ebitmap
cd575089 libsepol: Changes to ebitmap.h to fix compiler warnings
14f35fde Do not automatically install Russian translations
c3d13010 libsepol: Remove the Russian translations
8b0acb05 libsepol: ebitmap: avoid branches for iteration
1c19dc4f libsepol: expand: check for memory allocation failure
ace9ec17 libsepol: expand: use identical type to avoid implicit conversion
0d144506 hashtab: update
511f4347 libsepol: validate: use fixed sized integers
8963492b checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: update my email
e81c466b libsepol/cil: Fix class permission verification in CIL
40674f48 Revert "checkpolicy,libsepol: move transition to separate structure in avtab"
6776946d Revert "checkpolicy,libsepol: move filename transitions to avtab"
6e6444a0 Revert "checkpolicy,libsepol: move filename transition rules to avrule"
97450c62 Revert "libsepol: implement new kernel binary format for avtab"
e3388c76 Revert "libsepol: implement new module binary format of avrule"
748614b7 Revert "checkpolicy,libsepol: add prefix/suffix support to kernel policy"
311dc446 Revert "checkpolicy,libsepol: add prefix/suffix support to module policy"
a77a8b2d Revert "libsepol/cil: add support for prefix/suffix filename transtions to CIL"
1d207355 libsepol/fuzz: more strict fuzzing of binary policies
df666f70 libsepol: check for overflow in put_entry()
0e2a78d5 libsepol: free initial sid names
0c50de03 libsepol/cil: add support for prefix/suffix filename transtions to CIL
c39ebd07 checkpolicy,libsepol: add prefix/suffix support to module policy
1174483d checkpolicy,libsepol: add prefix/suffix support to kernel policy
11013986 libsepol: implement new module binary format of avrule
7b77edd9 libsepol: implement new kernel binary format for avtab
565d8748 checkpolicy,libsepol: move filename transition rules to avrule
e169fe26 checkpolicy,libsepol: move filename transitions to avtab
de708edf checkpolicy,libsepol: move transition to separate structure in avtab
02e471f1 libsepol: add support for the new "init" initial SID
55b75a2c libsepol: stop translating deprecated intial SIDs to strings
30fe0f19 libsepol: replace log_err() by ERR()
5c35a7be libsepol: replace sepol_log_err() by ERR()
b041ecc6 libsepol: drop duplicate newline in sepol_log_err() calls
808a43ab libsepol: drop message for uncommon error cases
cae65d9a libsepol: expand: skip invalid cat
4ba8f7c3 libsepol: validate: reject XEN policy with xperm rules
ac015a39 libsepol: validate: check low category is not bigger than high
4cf37608 libsepol: validate old style range trans classes
45a4fc77 libsepol: validate some object contexts
f5d664eb libsepol: dump non-mls validatetrans rules as such
ae5a5d0a libsepol: rename bool identifiers
893b50c6 libsepol/tests: rename bool indentifiers
61f21385 libsepol: rename struct member
e9072e7d libsepol/tests: add tests for minus self neverallow rules
4a43831f libsepol/tests: add tests for not self neverallow rules
ec78788c libsepol: Add not self support for neverallow rules

Signed-off-by: Dominick Grift <dominick.grift at defensec.nl>
---
 package/libs/libsepol/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile
index b1a34d293e..e9072d01ea 100644
--- a/package/libs/libsepol/Makefile
+++ b/package/libs/libsepol/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libsepol
-PKG_VERSION:=3.5
+PKG_VERSION:=3.8.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=78fdaf69924db780bac78546e43d9c44074bad798c2c415d0b9bb96d065ee8a2
+PKG_HASH:=0e78705305f955abd4c0654d37a5477ee26349ab74db9e2b03a7868897ae1ddf
 
 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni at bootlin.com>
 PKG_CPE_ID:=cpe:/a:selinuxproject:libsepol
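Review bot: the replacement value on the `+PKG_HASH:=` line cannot be checked from the patch itself, and the commit message does not say how it was obtained. Please state in the message that it is the SHA-256 of libsepol-3.8.1.tar.gz as fetched from the PKG_SOURCE_URL release directory, and how it was verified independently of that download. The bump from 3.5 to 3.8.1 also crosses three upstream releases whose changelog includes stricter policy validation ("libsepol: more strict validation", "libsepol: reject unsupported policy capabilities") and a newly exported function, so since this is 1/6 of a series it is worth noting in the message that the remaining SELinux userspace packages have to be applied together with it rather than picked individually.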
-- 
2.47.2



