[openwrt/openwrt] libsepol: update to version 3.3

LEDE Commits lede-commits at lists.infradead.org
Sun Oct 31 06:09:47 PDT 2021


dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/25e15f5951cf232b1a247a3df8f9120f2ecd3fe5

commit 25e15f5951cf232b1a247a3df8f9120f2ecd3fe5
Author: Dominick Grift <dominick.grift at defensec.nl>
AuthorDate: Fri Oct 22 13:51:11 2021 +0200

    libsepol: update to version 3.3
    
    Update VERSIONs to 3.3 for release.
    libsepol/cil: Fix potential undefined shifts
    libsepol: Fix potential undefined shifts
    Update VERSIONs to 3.3-rc3 for release.
    libsepol/cil: Do not skip macros when resolving until later passes
    libsepol/cil: Limit the amount of reporting for bounds failures
    libsepol/cil: silence clang void-pointer-to-enum-cast warning
    libsepol: resolve GCC warning about null-dereference
    libsepol: use correct cast
    libsepol: ebitmap: mark nodes of const ebitmaps const
    Update VERSIONs to 3.3-rc2 for release.
    libsepol/cil: Handle operations in a class mapping when verifying
    libsepol/cil: Do not use original type and typeattribute datums
    libsepol: free memory after policy validation
    libsepol: avoid implicit conversions
    libsepol: fix typo
    libsepol/cil: Free duplicate datums in original calling function
    libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    Update VERSIONs and Python bindings version to 3.3-rc1 for release
    libsepol/cil: Limit the number of active line marks
    libsepol/cil: Add function to get number of items in a stack
    libsepol: Fix detected RESOURCE_LEAKs
    libsepol/cil: Fix syntax checking in __cil_verify_syntax()
    libsepol/cil: Use size_t for len in __cil_verify_syntax()
    libsepol/cil: Remove redundant syntax checking
    libsepol/cil: Improve in-statement to allow use after inheritance
    libsepol/cil: Simplify cil_tree_children_destroy()
    libsepol/cil: Refactor the function __cil_build_ast_node_helper()
    libsepol/cil: Don't destroy optionals whose parent will be destroyed
    libsepol/cil: Properly check for parameter when inserting name
    libsepol/cil: Reset expandtypeattribute rules when resetting AST
    libsepol/cil: Properly check parse tree when printing error messages
    libsepol/cil: Allow some duplicate macro and block declarations
    libsepol/cil: When writing AST use line marks for src_info nodes
    libsepol/cil: Report correct high-level language line numbers
    libsepol/cil: Add line mark kind and line number to src info
    libsepol/cil: Create common string-to-unsigned-integer functions
    libsepol/cil: Push line mark state first when processing a line mark
    libsepol/cil: Check for valid line mark type immediately
    libsepol/cil: Check the token type after getting the next token
    libsepol/cil: Check syntax of src_info statement
    libsepol/cil: move the fuzz target and build script to the selinux repository
    libsepol: replace strerror by %m
    libsepol/cil: remove obsolete comment
    libsepol/cil: do not allow \0 in quoted strings
    libsepol/cil: Fix handling category sets in an expression
    libsepol: assure string NUL-termination of ibdev_name
    libsepol: avoid implicit conversions
    libsepol: ignore UBSAN false-positives
    libsepol: avoid unsigned integer overflow
    libsepol/cil: Improve checking for bad inheritance patterns
    libsepol: silence -Wextra-semi-stmt warning
    libsepol/cil: do not override previous results of __cil_verify_classperms
    libsepol/cil: Provide option to allow qualified names in declarations
    libsepol/cil: make array cil_sym_sizes const
    libsepol/cil: Only reset AST if optional has a declaration
    libsepol/cil: Add function to determine if a subtree has a declaration
    libsepol/cil: Improve degenerate inheritance check
    libsepol/cil: Reduce the initial symtab sizes for blocks
    libsepol/cil: Check for empty list when marking neverallow attributes
    libsepol/cil: Fix syntax checking of defaultrange rule
    libsepol/cil: Properly check for loops in sets
    libsepol/cil: Allow duplicate optional blocks in most cases
    libsepol: declare read-only arrays const
    libsepol: declare file local variable static
    libsepol: drop unnecessary casts
    libsepol: drop repeated semicolons
    libsepol/cil: avoid using maybe uninitialized variables
    libsepol/cil: drop unnecessary casts
    libsepol/cil: drop dead store
    libsepol/cil: drop extra semicolon
    libsepol/cil: silence cast warning
    libsepol: remove dead stores
    libsepol: do not allocate memory of size 0
    libsepol: mark read-only parameters of type_set_ interfaces const
    libsepol: mark read-only parameters of ebitmap interfaces const
    libsepol: remove dead stores
    libsepol/cil: follow declaration-after-statement
    libsepol: follow declaration-after-statement
    libsepol: avoid unsigned integer overflow
    libsepol: remove unused functions
    libsepol: resolve missing prototypes
    libsepol: fix typos
    libsepol: Quote paths when generating policy.conf from binary policy
    libsepol/cil: Account for anonymous category sets in an expression
    libsepol/cil: Fix anonymous IP address call arguments
    libsepol: quote paths in CIL conversion
    libsepol/cil: Resolve anonymous levels only once
    libsepol/cil: Pointers to datums should be set to NULL when resetting
    libsepol/cil: Resolve anonymous class permission sets only once
    libsepol/cil: Limit the number of open parenthesis allowed
    libsepol/cil: Destroy the permission nodes when exiting with an error
    libsepol/cil: Handle disabled optional blocks in earlier passes
    libsepol/cil: Do not resolve arguments to declarations in the call
    libsepo/cil: Refactor macro call resolution
    libsepol/cil: Do not add NULL node when inserting key into symtab
    libsepol/cil: Make name resolution in macros work as documented
    libsepol/cil: Fix name resolution involving inherited blocks
    libsepol/cil: Check for self-referential loops in sets
    libsepol/cil: Return an error if a call argument fails to resolve
    libsepol/cil: Check datum in ordered list for expected flavor
    libsepol/cil: Detect degenerate inheritance and exit with an error
    libsepol/cil: Fix instances where an error returns SEPOL_OK
    libsepol/cil: Properly reset an anonymous classperm set
    libsepol: use checked arithmetic builtin to perform safe addition
    libsepol/cil: Add functions to make use of cil_write_ast()
    libsepol/cil: Create functions to write the CIL AST
    libsepol/cil: Use CIL_ERR for error messages in cil_compile()
    libsepol/cil: Make invalid statement error messages consistent
    libsepol/cil: Do not allow tunable declarations in in-statements
    libsepol/cil: Sync checks for invalid rules in macros
    libsepol/cil: Check for statements not allowed in optional blocks
    libsepol/cil: Sync checks for invalid rules in booleanifs
    libsepol/cil: Reorder checks for invalid rules when resolving AST
    libsepol/cil: Use AST to track blocks and optionals when resolving
    libsepol/cil: Create new first child helper function for building AST
    libsepol/cil: Cleanup build AST helper functions
    libsepol/cil: Reorder checks for invalid rules when building AST
    libsepol/cil: Move check for the shadowing of macro parameters
    libsepol/cil: Create function cil_add_decl_to_symtab() and refactor
    libsepol/cil: Refactor helper function for cil_gen_node()
    libsepol/cil: Allow permission expressions when using map classes
    libsepol/cil: Exit with an error if declaration name is a reserved word
    libsepol/cil: More strict verification of constraint leaf expressions
    libsepol/cil: Set class field to NULL when resetting struct cil_classperms
    libsepol/cil: cil_reset_classperms_set() should not reset classpermission
    libsepol/cil: Destroy classperm list when resetting map perms
    libsepol/cil: Destroy classperms list when resetting classpermission
    libsepol/cil: Fix out-of-bound read of file context pattern ending with "\"
    libsepol/cil: Check for duplicate blocks, optionals, and macros
    libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression
    libsepol: Enclose identifier lists in CIL constraint expressions
    libsepol/cil: Allow lists in constraint expressions
    libsepol: Enclose identifier lists in constraint expressions
    libsepol: Write "NO_IDENTIFIER" for empty constraint expression
    libsepol: make num_* unsigned int in module_to_cil
    libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs
    libsepol/cil: fix NULL pointer dereference in __cil_insert_name
    libsepol/cil: replace printf with proper cil_tree_log
    libsepol/cil: remove stray printf
    libsepol/cil: make cil_post_fc_fill_data static
    libsepol: Check kernel to CIL and Conf functions for supported versions
    libsepol: Remove unnecessary copying of declarations from link.c
    libsepol: Properly handle types associated to role attributes
    libsepol: Expand role attributes in constraint expressions
    
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
    [re-apply now that buildbot phase1 has caught up]
    Signed-off-by: Dominick Grift <dominick.grift at defensec.nl>
---
 package/libs/libsepol/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/libs/libsepol/Makefile b/package/libs/libsepol/Makefile
index c7950a9ba0..87f1ccd917 100644
--- a/package/libs/libsepol/Makefile
+++ b/package/libs/libsepol/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libsepol
-PKG_VERSION:=3.2
+PKG_VERSION:=3.3
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2
-PKG_HASH:=dfc7f662af8000116e56a01de6a0394ed79be1b34b999e551346233c5dd19508
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
+PKG_HASH:=2d97df3eb8466169b389c3660acbb90c54200ac96e452eca9f41a9639f4f238b
 
 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni at bootlin.com>
 



More information about the lede-commits mailing list