Hello! The 3.7 release for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases I signed all tarballs using my gpg key, see .asc files. You can download the public key from https://github.com/bachradsusi.gpg Thanks to all the contributors, reviewers, testers and reporters! User-visible changes -------------------- * `audit2allow -C` for CIL output mode * sepolgen: adjust parse for refpolicy * semanage: Allow modifying records on "add" * semanage: Do not sort local fcontext definitions * Improved man pages * checkpolicy: support CIDR notation for nodecon statements * sandbox: Add support for Wayland * Code improvements and bug fixes Shortlog of the changes since 3.7 release ----------------------------------------- Christian Göttsche (84): libselinux/man: mention errno for regex compilation failure libselinux/man: sync selinux_check_securetty_context(3) libselinux/utils: free allocated resources libselinux/utils: improve compute_av output libselinux: align SELABEL_OPT_DIGEST usage with man page libselinux: fail selabel_open(3) on invalid option libselinux: use logging wrapper in getseuser(3) and get_default_context(3) family libselinux: support huge passwd/group entries libsemanage: support huge passwd entries libselinux: enable usage with pedantic UB sanitizers setfiles: avoid unsigned integer underflow libsepol: reorder calloc(3) arguments libselinux: reorder calloc(3) arguments sandbox: do not override warning CFLAGS mcstrans: check memory allocations libselinux: use reentrant strtok_r(3) checkpolicy: add libfuzz based fuzzer checkpolicy: cleanup resources on parse error checkpolicy: cleanup identifiers on error checkpolicy: free ebitmap on error checkpolicy: check allocation and free memory on error at type definition checkpolicy: clean expression on error checkpolicy: call YYABORT on parse errors checkpolicy: bail out on invalid role libsepol: use typedef checkpolicy: provide more descriptive error messages checkpolicy: free temporary bounds type checkpolicy: avoid assigning garbage values checkpolicy: misc policy_define.c cleanup libsepol: ensure transitivity in compare functions libsepol/cil: ensure transitivity in compare functions mcstrans: ensure transitivity in compare functions sepolgen: adjust parse for refpolicy checkpolicy/fuzz: drop redundant notdefined check checkpolicy: clone level only once checkpolicy: return YYerror on invalid character libsepol: reject MLS support in pre-MLS policies checkpolicy/fuzz: scan Xen policies libselinux/utils/selabel_digest: drop unsupported option -d libselinux/utils/selabel_digest: cleanup libselinux/utils/selabel_digest: avoid buffer overflow libselinux: free data on selabel open failure libselinux/utils/selabel_digest: pass BASEONLY only for file backend libselinux: avoid logs in get_ordered_context_list() without policy checkpolicy: use YYerror only when available checkpolicy: handle unprintable token checkpolicy: free identifiers on invalid typebounds checkpolicy: update error diagnostic checkpolicy: include <ctype.h> for isprint(3) checkpolicy/fuzz: override YY_FATAL_ERROR libsepol: validate access vector permissions checkpolicy: drop never read member checkpolicy: drop union stack_item_u checkpolicy: free complete role_allow_rule on error libsepol: constify function pointer arrays libsepol: improve policy lookup failure message checkpolicy/tests: add test for splitting xperm rule checkpolicy: declare file local variable static checkpolicy: drop global policyvers variable github: bump Python and Ruby versions libsepol: validate class permissions libselinux/man: correct file extension of man pages libselinux/man: sync const qualifiers libselinux/man: use void in synopses libselinux/man: add format attribute for set_matchpathcon_printf(3) libselinux: constify selinux_set_mapping(3) parameter libsepol: reject self flag in type rules in old policies libsepol: only exempt gaps checking for kernel policies libsepol: validate type-attribute-map for old policies libsepol: include prefix for module policy versions checkpolicy: perform contiguous check in host byte order checkpolicy: support CIDR notation for nodecon statements libselinux: free empty scandir(3) result libselinux: avoid pointer dereference before check mcstrans: free constraint in error branch libsepol: hashtab: save one comparison on hit libsepol: move unchanged data out of loop libsepol: rework permission enabled check checkpolicy: reject duplicate nodecon statements libsepol: validate attribute-type maps tree-wide: fix misc typos libsepol: contify function pointer arrays libselinux: constify avc_open(3) parameter libsepol: check scope permissions refer to valid class Fabrice Fontaine (1): libsepol/src/Makefile: fix reallocarray detection James Carter (8): libselinux: Fix ordering of arguments to calloc libsepol: Use a dynamic buffer in sepol_av_to_string() checkpolicy, libsepol: Fix potential double free of mls_level_t checkpolicy/fuzz: Update check_level() to use notdefined field libsepol: Fix buffer overflow when using sepol_av_to_string() libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks libsepol/cil: Check common perms when verifiying "all" libsepol: Do not reject all type rules in conditionals when validating Petr Lautrbach (9): Update VERSIONs to 3.7-rc1 for release. sandbox: do not fail without xmodmap sandbox: do not run window manager if it's not a session seunshare: Add [ -P pipewiresocket ] [ -W waylandsocket ] options sandbox: Add support for Wayland Update VERSIONs to 3.7-rc2 for release. fixfiles: drop unnecessary \ line endings Update VERSIONs to 3.7-rc3 for release. Release 3.7 Topi Miettinen (1): audit2allow: CIL output mode Vit Mojzis (3): python/semanage: Do not sort local fcontext definitions python/semanage: Allow modifying records on "add" libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)