ANN: SELinux userspace 3.5-rc1 release

Hello!

The 3.5-rc1 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my gpg key, see .asc files.
You can download the public key from
https://github.com/perfinion.gpg

Thanks to all the contributors, reviewers, testers and reporters!

With Kind Regards,
Jason Zaman

User-visible changes
--------------------

* Maintainer GPG fingerprints added to /SECURITY.md

* Remove dependency on the deprecated Python module distutils and install via pip

* semodule option --rebuild-if-modules-changed was renamed to --refresh

* Translation updated and better handling for unsupported languages

* fixfiles: Unmount temporary bind mounts on SIGINT

* sepolicy: Several python and GTK updates

* libsepol: Stricter policy validation

* A lot of static code analysis issues, fuzzer issues and compiler warnings fixed

* Bug fixes

Development-relevant changes
----------------------------

* ci: Run on Fedora36 instead of F34


Shortlog of the changes since 3.4 release
-----------------------------------------

Christian Göttsche (52):
      libselinux: declare return value of context_str(3) const
      semodule: avoid toctou on output module
      libselinux: simplify policy path logic to avoid uninitialized read
      libselinux: add header guard for internal header
      libselinux: introduce strlcpy
      libselinux: check for truncations
      libselinux: add man page redirections
      libselinux: enclose macro definition in parenthesis
      libselinux: name parameters in context.h
      libselinux: declare parameter of security_load_policy(3) const
      python/audit2allow: close file stream on error
      libsepol: fix validation of user declarations in modules
      checkpolicy: error out if required permission would exceed limit
      libselinux: restorecon: avoid printing NULL pointer
      libsepol: avoid potential NULL dereference on optional parameter
      libsepol/utils: improve wording
      libsepol: do not modify policy during write
      libselinux: set errno to EBADF on O_PATH emulation ENOENT failure
      libsepol: break circular include
      libsepol: include necessary headers in headers
      libsepol: enclose macro parameters and replacement lists in parentheses
      libsepol/tests: add ebitmap tests
      libsepol: add ebitmap_init_range
      libsepol/cil: use ebitmap_init_range
      libsepol: optimize ebitmap_not
      libsepol: optimize ebitmap_and
      libsepol: optimize ebitmap_xor
      libsepol: skip superfluous memset calls in ebitmap operations
      libsepol: rename validate_policydb to policydb_validate
      libsepol: support const avtab_t pointer in avtab_map()
      libsepol: operate on const pointers during validation
      libsepol: rename parameter name
      libsepol: more strict validation
      libsepol: refactor ebitmap conversion in link.c
      libselinux: avoid newline in avc message
      checkpolicy: use strict function prototype for definitions
      restorecond: use strict function prototype for definition
      ci: bump versions in GitHub Actions
      scripts/ci: use F36 image instead of F34
      scripts: ignore Flake8 tag E275
      Ignore egg-info directories and clean them
      libselinux: support objname in compute_create
      libsepol/cil: restore error on context rule conflicts
      libselinux: simplify string copying
      checkpolicy: simplify string copying
      libsepol: simplify string copying
      libselinux: drop set but not used internal variable
      libsepol/tests: use more strict compiler options
      libsepol/tests: add tests for neverallow assertions
      libselinux: make use of strndup
      libselinux: bail out on path truncations
      libselinux: filter arguments with path separators

Dominick Grift (1):
      secilc/doc: classmap is also allowed in permissionx

Elijah Conners (1):
      python: remove IOError in certain cases

James Carter (8):
      docs: Add GPG fingerprints
      python: Do not query the local database if the fcontext is non-local
      libselinux: Remove dependency on the Python module distutils
      libsemanage: Remove dependency on the Python module distutils
      python: Remove dependency on the Python module distutils
      scripts: Remove dependency on the Python module distutils
      README.md: Remove mention of python3-distutils dependency
      Revert "Use `pip install` instead of `setup.py install`"

Jason Zaman (3):
      libselinux: Ignore installed when installing python bindings to DESTDIR
      python: Ignore installed when installing to DESTDIR
      Update VERSIONs to 3.5-rc1 for release.

Jie Lu (3):
      libselinux: fix memory leaks on the audit2why module init
      libselinux: fix some memory issues in db_init
      libselinux:add check for malloc

Juraj Marcin (2):
      libsepol: fix missing double quotes in typetransition CIL rule
      checkpolicy: avoid passing NULL pointer to memset()

Matt Sheets (1):
      libsemanage: Allow user to set SYSCONFDIR

Nicolas Iooss (3):
      libselinux: do not return the cached prev_current value when using getpidcon()
      libsepol: initialize s in constraint_expr_eval_reason
      CircleCI: do not add Debian-specific parameter when invoking setup.py

Ondrej Mosnacek (2):
      libsemanage: always write kernel policy when check_ext_changes is specified
      semodule: rename --rebuild-if-modules-changed to --refresh

Paul Moore (3):
      docs: add Paul Moore's GPG fingerprint
      docs: provide a top level LICENSE file
      docs: update the README.md with a basic SELinux description

Petr Lautrbach (16):
      Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
      libsepol: Drop unused assignment
      gui: Fix export file chooser dialog
      sandbox: Do not try to remove tmpdir twice if uid == 0
      sandbox: Use temporary directory for XDG_RUNTIME_DIR
      python: Fix typo in audit2allow.1 example
      python/sepolicy: Fix sepolicy manpage -w ...
      python/sepolicy: Use distro module to get os version
      python/sepolicy: Simplify generation of man pages
      fixfiles: Unmount temporary bind mounts on SIGINT
      Fix E275 missing whitespace after keyword
      Use `pip install` instead of `setup.py install`
      sepolicy: Switch main selection menu to GtkPopover
      python: Fix detection of sepolicy.glade location
      sepolicy: Call os.makedirs() with exist_ok=True
      Use `pip install` instead of `setup.py install`

Thiébaud Weksteen (1):
      libselinux: ignore invalid class name lookup

Vit Mojzis (7):
      python: Split "semanage import" into two transactions
      gettext: handle unsupported languages properly
      Update translations
      python: Harden tools against "rogue" modules
      libselinux: Ignore missing directories when -i is used
      checkpolicy: Improve error message for type bounds
      libsemanage: Use more conscious language

bauen1 (2):
      secilc/docs: fix syntax highlighting
      secilc/docs: disable pandoc default css for html docs


Attachment: signature.asc
Description: PGP signature
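
Added example, not part of the original announcement or the SELinux project's tooling: one way to check a downloaded tarball against its `.asc` file while pinning the result to a fingerprint you obtained separately (for instance from /SECURITY.md). The function names and all arguments are assumptions; the check relies on the `VALIDSIG` record that `gpg --status-fd` emits.

```shell
#!/bin/sh
# Added example (assumed names: validsig_primary_fpr, verify_release).

# Read `gpg --status-fd` output on stdin and print the primary-key
# fingerprint of the first VALIDSIG record, upper-cased.
# Returns 1 when gpg reported no valid signature at all.
validsig_primary_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
             # Field 3 is the key that made the signature (may be a subkey);
             # field 12, when present, is the primary key, which is what
             # published maintainer fingerprints normally identify.
             print toupper(NF >= 12 ? $12 : $3); found = 1; exit
         }
         END { exit found ? 0 : 1 }'
}

# verify_release TARBALL SIGNATURE KEYFILE EXPECTED_FINGERPRINT
# Succeeds only if SIGNATURE is a valid signature over TARBALL made by a key
# whose primary fingerprint equals EXPECTED_FINGERPRINT (spaces allowed).
verify_release() {
    tarball=$1 sig=$2 keyfile=$3
    want=$(printf '%s' "$4" | tr -d ' ' | tr 'a-f' 'A-F')
    home=$(mktemp -d) || return 2

    # Throwaway keyring: only the key just downloaded can satisfy the check,
    # so unrelated keys in the user's own keyring cannot make it pass.
    gpg --homedir "$home" --batch --quiet --import "$keyfile" 2>/dev/null

    # A "Good signature" message alone proves only that *some* imported key
    # signed the file; comparing the fingerprint ties it to the maintainer.
    got=$(gpg --homedir "$home" --batch --status-fd 1 \
              --verify "$sig" "$tarball" 2>/dev/null | validsig_primary_fpr)

    gpgconf --homedir "$home" --kill all 2>/dev/null
    rm -rf "$home"
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Usage (placeholders, not real file names or a real fingerprint):
#   verify_release <tarball> <tarball>.asc <downloaded-key-file> "<fingerprint>"
```

The fingerprint argument should come from a channel other than the one that served the key file; otherwise the comparison adds nothing.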

