[PATCH 6/6] checkpolicy: update to version 3.8.1

Dominick Grift dominick.grift at defensec.nl
Fri Mar 28 07:28:11 PDT 2025 

Changes since version 3.5

8e9157bb Update VERSIONs to 3.8.1 for release.
71aec30d Update VERSIONs to 3.8 for release.
9833f0d2 Update VERSIONs to 3.8-rc4 for release.
4c246013 checkpolicy: clear queue between parser passes
fdb70902 checkpolicy: do not consume unmatched identifiers
21cbacb6 checkpolicy: remove unneeded queue_head()
158fb95e checkpolicy: check identifier before copying
e0f61d3b Update VERSIONs to 3.8-rc3 for release.
adf2e609 Update VERSIONs to 3.8-rc2 for release.
42d653aa checkpolicy: drop host bits in IPv6 CIDR address
2dec1581 Update VERSIONs to 3.8-rc1 for release.
32c24c24 checkpolicy: add support for xperms in conditional policies
77747a36 checkpolicy: avoid leak of identifier on required attribute
beca1ee1 checkpolicy: avoid memory leaks on redeclarations
6f2b689f checkpolicy: Fix MLS users in optional blocks
e7bbd67b checkpolicy/fuzz: fix setjmp condition
ba7945a2 libsepol: Support nlmsg extended permissions
5421320d libsepol: Rename ioctl xperms structures and functions
84a33fb9 checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix
2eb286bc Release 3.7
e6c99f34 Update VERSIONs to 3.7-rc3 for release.
5f822d33 checkpolicy: reject duplicate nodecon statements
9ef1a835 Update VERSIONs to 3.7-rc2 for release.
804e52b7 checkpolicy: support CIDR notation for nodecon statements
44533801 checkpolicy: perform contiguous check in host byte order
6a223cb1 Update VERSIONs to 3.7-rc1 for release.
82d99136 checkpolicy: drop global policyvers variable
505d1b4c checkpolicy: declare file local variable static
f4ffda66 checkpolicy/tests: add test for splitting xperm rule
652e2883 checkpolicy: free complete role_allow_rule on error
04303b5b checkpolicy: drop union stack_item_u
08e55dff checkpolicy: drop never read member
f07fc2a7 checkpolicy/fuzz: override YY_FATAL_ERROR
0ffe9747 checkpolicy: include <ctype.h> for isprint(3)
a39e474f checkpolicy: update error diagnostic
9f2f9e28 checkpolicy: free identifiers on invalid typebounds
39b3cc51 checkpolicy: handle unprintable token
ca77c592 checkpolicy: use YYerror only when available
f3b67a84 checkpolicy/fuzz: scan Xen policies
f4330d57 checkpolicy: return YYerror on invalid character
0e1e30db checkpolicy: clone level only once
b106fad2 checkpolicy/fuzz: drop redundant notdefined check
8c9d2d65 checkpolicy/fuzz: Update check_level() to use notdefined field
fe16f586 checkpolicy, libsepol: Fix potential double free of mls_level_t
3dc11169 checkpolicy: misc policy_define.c cleanup
22f7bb8c checkpolicy: avoid assigning garbage values
63207ce8 checkpolicy: free temporary bounds type
4e407ba3 checkpolicy: provide more descriptive error messages
8ad3ce72 checkpolicy: bail out on invalid role
52f187cb checkpolicy: call YYABORT on parse errors
187e7584 checkpolicy: clean expression on error
770ad3ec checkpolicy: check allocation and free memory on error at type definition
8b115c45 checkpolicy: free ebitmap on error
b75bf48b checkpolicy: cleanup identifiers on error
c2fc48be checkpolicy: cleanup resources on parse error
595c4163 checkpolicy: add libfuzz based fuzzer
90db06c5 libsepol: Use a dynamic buffer in sepol_av_to_string()
97fa708d Update VERSIONs to 3.6 for release.
4d33c675 checkpolicy/dispol: misc updates
89dd980c Add CPPFLAGS to Makefiles
58a444fb checkpolicy/dismod: avoid duplicate initialization and fix module linking
0f5a8dd3 Update VERSIONs to 3.6-rc2 for release.
fdb536f3 libsepol: avoid fixed sized format buffer for xperms
1aaf5943 Update VERSIONs to 3.6-rc1 for release.
2b9f21ef checkpolicy: add round-trip tests
e6093911 checkpolicy: Remove support for role dominance rules
14f35fde Do not automatically install Russian translations
b7e39e50 checkpolicy: Remove the Russian translations
8963492b checkpolicy,libselinux,libsepol,policycoreutils,semodule-utils: update my email
40674f48 Revert "checkpolicy,libsepol: move transition to separate structure in avtab"
6776946d Revert "checkpolicy,libsepol: move filename transitions to avtab"
6e6444a0 Revert "checkpolicy,libsepol: move filename transition rules to avrule"
748614b7 Revert "checkpolicy,libsepol: add prefix/suffix support to kernel policy"
311dc446 Revert "checkpolicy,libsepol: add prefix/suffix support to module policy"
c39ebd07 checkpolicy,libsepol: add prefix/suffix support to module policy
1174483d checkpolicy,libsepol: add prefix/suffix support to kernel policy
565d8748 checkpolicy,libsepol: move filename transition rules to avrule
e169fe26 checkpolicy,libsepol: move filename transitions to avtab
de708edf checkpolicy,libsepol: move transition to separate structure in avtab
b3788b9c dismod, dispol: reduce the messages in batch mode
6e077ba7 dismod: print the policy version only in interactive mode
4c069224 checkpolicy/dismod: misc improvements
b87724cb checkpolicy: add option to skip checking neverallow rules
666a7dfd dispol: add --actions option for non-interactive use
f8a076f1 dispol: handle EOF in user interaction
eeb0a751 dispol: delete an unnecessary empty line
f78eea5a dispol: add --help option
966de0c8 checkpolicy: Add examples to man pages
df0b1929 dismod: add --actions option for non-interactive use
d1a9cddf dismod: handle EOF in user interaction
5b1a2f1d dismod: delete an unnecessary empty line
5045368d dismod: add --help option
00728e12 checkpolicy: only set declared permission bits for wildcards
c646f390 checkpolicy: reject condition with bool and tunable in expression
2d5f97b8 checkpolicy: drop unused token CLONE
b7b32cf4 checkpolicy/dispol: add output functions
d213d80f checkpolicy: rename bool identifiers
513fc157 checkpolicy: update cond_expr_t struct member name
6f7b0ee6 checkpolicy: add not-self neverallow support

Signed-off-by: Dominick Grift <dominick.grift at defensec.nl>
---
 package/utils/checkpolicy/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/utils/checkpolicy/Makefile b/package/utils/checkpolicy/Makefile
index 4ebf97bb3f..179127bf1a 100644
--- a/package/utils/checkpolicy/Makefile
+++ b/package/utils/checkpolicy/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=checkpolicy
-PKG_VERSION:=3.5
+PKG_VERSION:=3.8.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=7aa48ab2222a0b9881111d6d7f70c3014d3d9338827d9e02df105a68c0df5dbc
+PKG_HASH:=7b477c516e2693d8b6c511386323177f1d7db51c2e04eb6d0de8ca2b36120e5d
 PKG_INSTALL:=1
 PKG_BUILD_DEPENDS:=libselinux
 HOST_BUILD_DEPENDS:=libselinux/host
-- 
2.47.2

More information about the openwrt-devel mailing list