diff mbox series

[meta-selinux] selinux: upgrade 3.9 -> 3.10

Message ID 20260204074854.3080384-1-yi.zhao@windriver.com
State New
Headers show
Series [meta-selinux] selinux: upgrade 3.9 -> 3.10 | expand

Commit Message

Yi Zhao Feb. 4, 2026, 7:48 a.m. UTC 
ChangeLog:
https://github.com/SELinuxProject/selinux/releases/tag/3.10

* libsepol: fix TARGET and LIBSO on Darwin
* secilc: use correct long option name for -X
* Fix problem with bounds statements in optional blocks
* libsepol: Fix processing of levels for user rule in an optional block
* libsepol: Fix problem with handling type attributes in role-types rule
* libsepol: Fix expand_role_attributes_in_attributes()
* Allow type attributes to be associated with other type attributes
* libsepol: Support functionfs_seclabel policycap
* improve semanage man pages: Add examples for -r RANGE flag usage
* libselinux: fix parsing of the enforcing kernel cmdline parameter
* seunshare: always use translations when printing
* treewide: add .clang-format configuration file
* setfiles: Add -A option to disable SELINUX_RESTORECON_ADD_ASSOC
* libsepol: add memfd_class capability
* semanage: Reset active value when deleting boolean customizations
* python/sepolicy: Add support for DNF5
* sandbox/seunshare: Replace system() with execv() to prevent shell
  injection
* libsepol: Tighten checks on MLS range and level when validating
* libsepol: Fix potential NULL dereference in policydb_read()
* libsepol: Fix potential use of an uninitialized value in link.c
* libsepol: add bpf_token_perms polcap
* libsepol: Fix possible use-after-free when expanding attributes
* libselinux/src/Makefile: build python module without isolation
* restorecon: Add option to count relabeled files
* Bug fixes

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../selinux/{checkpolicy_3.9.bb => checkpolicy_3.10.bb}   | 0
 ...libselinux-python_3.9.bb => libselinux-python_3.10.bb} | 0
 ...file-fix-python-modules-install-path-for-multili.patch | 8 ++++----
 ...ot-use-PYCEXT-and-rely-on-the-installed-file-nam.patch | 6 +++---
 ...elinux-restore-drop-the-obsolete-LSF-transitiona.patch | 8 ++++----
 .../selinux/{libselinux_3.9.bb => libselinux_3.10.bb}     | 0
 .../selinux/{libsemanage_3.9.bb => libsemanage_3.10.bb}   | 0
 .../selinux/{libsepol_3.9.bb => libsepol_3.10.bb}         | 0
 .../selinux/{mcstrans_3.9.bb => mcstrans_3.10.bb}         | 0
 .../{policycoreutils_3.9.bb => policycoreutils_3.10.bb}   | 0
 .../selinux/{restorecond_3.9.bb => restorecond_3.10.bb}   | 0
 .../selinux/{secilc_3.9.bb => secilc_3.10.bb}             | 0
 .../selinux/{selinux-dbus_3.9.bb => selinux-dbus_3.10.bb} | 0
 .../selinux/{selinux-gui_3.9.bb => selinux-gui_3.10.bb}   | 0
 .../{selinux-python_3.9.bb => selinux-python_3.10.bb}     | 0
 .../{selinux-sandbox_3.9.bb => selinux-sandbox_3.10.bb}   | 0
 recipes-security/selinux/selinux_common.inc               | 2 +-
 .../{semodule-utils_3.9.bb => semodule-utils_3.10.bb}     | 0
 18 files changed, 12 insertions(+), 12 deletions(-)
 rename recipes-security/selinux/{checkpolicy_3.9.bb => checkpolicy_3.10.bb} (100%)
 rename recipes-security/selinux/{libselinux-python_3.9.bb => libselinux-python_3.10.bb} (100%)
 rename recipes-security/selinux/{libselinux_3.9.bb => libselinux_3.10.bb} (100%)
 rename recipes-security/selinux/{libsemanage_3.9.bb => libsemanage_3.10.bb} (100%)
 rename recipes-security/selinux/{libsepol_3.9.bb => libsepol_3.10.bb} (100%)
 rename recipes-security/selinux/{mcstrans_3.9.bb => mcstrans_3.10.bb} (100%)
 rename recipes-security/selinux/{policycoreutils_3.9.bb => policycoreutils_3.10.bb} (100%)
 rename recipes-security/selinux/{restorecond_3.9.bb => restorecond_3.10.bb} (100%)
 rename recipes-security/selinux/{secilc_3.9.bb => secilc_3.10.bb} (100%)
 rename recipes-security/selinux/{selinux-dbus_3.9.bb => selinux-dbus_3.10.bb} (100%)
 rename recipes-security/selinux/{selinux-gui_3.9.bb => selinux-gui_3.10.bb} (100%)
 rename recipes-security/selinux/{selinux-python_3.9.bb => selinux-python_3.10.bb} (100%)
 rename recipes-security/selinux/{selinux-sandbox_3.9.bb => selinux-sandbox_3.10.bb} (100%)
 rename recipes-security/selinux/{semodule-utils_3.9.bb => semodule-utils_3.10.bb} (100%)
diff mbox series

Patch

diff --git a/recipes-security/selinux/checkpolicy_3.9.bb b/recipes-security/selinux/checkpolicy_3.10.bb
similarity index 100%
rename from recipes-security/selinux/checkpolicy_3.9.bb
rename to recipes-security/selinux/checkpolicy_3.10.bb
diff --git a/recipes-security/selinux/libselinux-python_3.9.bb b/recipes-security/selinux/libselinux-python_3.10.bb
similarity index 100%
rename from recipes-security/selinux/libselinux-python_3.9.bb
rename to recipes-security/selinux/libselinux-python_3.10.bb
diff --git a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
index 9bb9acb..8002149 100644
--- a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
+++ b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
@@ -1,4 +1,4 @@ 
-From 985a3e50fe2f80f47e3ee71ad74b72f3b4ecf7c6 Mon Sep 17 00:00:00 2001
+From 644c2eb918d3a7f2281325e7dcb6d4e33266b91f Mon Sep 17 00:00:00 2001
 From: Yi Zhao <yi.zhao@windriver.com>
 Date: Mon, 13 Apr 2020 12:44:23 +0800
 Subject: [PATCH] Makefile: fix python modules install path for multilib
@@ -11,15 +11,15 @@  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index 261c22d4..edb3ca06 100644
+index 0dbba7f4..d8011c99 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
 @@ -198,7 +198,7 @@ ifneq ($(DISABLE_SHARED),y)
  endif
  
  install-pywrap: pywrap
--	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
-+	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) --root $(DESTDIR) --ignore-installed --no-deps $(PYTHON_SETUP_ARGS) .
+-	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --no-build-isolation --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
++	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --no-build-isolation --prefix=$(PREFIX) --root $(DESTDIR) --ignore-installed --no-deps $(PYTHON_SETUP_ARGS) .
  	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
  	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
  
diff --git a/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index 1af4435..b6bd671 100644
--- a/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -1,4 +1,4 @@ 
-From 1bb35bc277129c976bb480a05de91dab346c84c9 Mon Sep 17 00:00:00 2001
+From 9d62321214b87fd91f8aa5dcb4ca1768ed07a255 Mon Sep 17 00:00:00 2001
 From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 Date: Fri, 25 Oct 2019 13:37:14 +0200
 Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
@@ -27,7 +27,7 @@  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  1 file changed, 1 insertion(+), 2 deletions(-)
 
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index edb3ca06..8da3f542 100644
+index d8011c99..c611422d 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
 @@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
@@ -40,7 +40,7 @@  index edb3ca06..8da3f542 100644
  RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
 @@ -200,7 +199,7 @@ endif
  install-pywrap: pywrap
- 	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) --root $(DESTDIR) --ignore-installed --no-deps $(PYTHON_SETUP_ARGS) .
+ 	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --no-build-isolation --prefix=$(PREFIX) --root $(DESTDIR) --ignore-installed --no-deps $(PYTHON_SETUP_ARGS) .
  	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
 -	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
 +	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux*.so $(DESTDIR)$(PYTHONLIBDIR)/
diff --git a/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch b/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch
index 5dad436..2c7a70e 100644
--- a/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch
+++ b/recipes-security/selinux/libselinux/0003-libselinux-restore-drop-the-obsolete-LSF-transitiona.patch
@@ -1,4 +1,4 @@ 
-From d555e83f8ca2482c673981250d72fbc4ce29c44c Mon Sep 17 00:00:00 2001
+From c4cb7a15e3f5c4081e3a459f15da3e58449cc4de Mon Sep 17 00:00:00 2001
 From: Renato Caldas <renato@calgera.com>
 Date: Thu, 29 Jun 2023 13:59:11 +0100
 Subject: [PATCH] libselinux: restore: drop the obsolete LSF transitional API.
@@ -14,10 +14,10 @@  Signed-off-by: Renato Caldas <renato@calgera.com>
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
-index 39eabeb9..128aff4b 100644
+index 8fadf4d2..f23bad0c 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
-@@ -439,7 +439,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
+@@ -443,7 +443,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
  	file_spec_t *prevfl, *fl;
  	uint32_t h;
  	int ret;
@@ -26,7 +26,7 @@  index 39eabeb9..128aff4b 100644
  
  	__pthread_mutex_lock(&fl_mutex);
  
-@@ -453,7 +453,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
+@@ -457,7 +457,7 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
  	for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
  	     prevfl = fl, fl = fl->next) {
  		if (ino == fl->ino) {
diff --git a/recipes-security/selinux/libselinux_3.9.bb b/recipes-security/selinux/libselinux_3.10.bb
similarity index 100%
rename from recipes-security/selinux/libselinux_3.9.bb
rename to recipes-security/selinux/libselinux_3.10.bb
diff --git a/recipes-security/selinux/libsemanage_3.9.bb b/recipes-security/selinux/libsemanage_3.10.bb
similarity index 100%
rename from recipes-security/selinux/libsemanage_3.9.bb
rename to recipes-security/selinux/libsemanage_3.10.bb
diff --git a/recipes-security/selinux/libsepol_3.9.bb b/recipes-security/selinux/libsepol_3.10.bb
similarity index 100%
rename from recipes-security/selinux/libsepol_3.9.bb
rename to recipes-security/selinux/libsepol_3.10.bb
diff --git a/recipes-security/selinux/mcstrans_3.9.bb b/recipes-security/selinux/mcstrans_3.10.bb
similarity index 100%
rename from recipes-security/selinux/mcstrans_3.9.bb
rename to recipes-security/selinux/mcstrans_3.10.bb
diff --git a/recipes-security/selinux/policycoreutils_3.9.bb b/recipes-security/selinux/policycoreutils_3.10.bb
similarity index 100%
rename from recipes-security/selinux/policycoreutils_3.9.bb
rename to recipes-security/selinux/policycoreutils_3.10.bb
diff --git a/recipes-security/selinux/restorecond_3.9.bb b/recipes-security/selinux/restorecond_3.10.bb
similarity index 100%
rename from recipes-security/selinux/restorecond_3.9.bb
rename to recipes-security/selinux/restorecond_3.10.bb
diff --git a/recipes-security/selinux/secilc_3.9.bb b/recipes-security/selinux/secilc_3.10.bb
similarity index 100%
rename from recipes-security/selinux/secilc_3.9.bb
rename to recipes-security/selinux/secilc_3.10.bb
diff --git a/recipes-security/selinux/selinux-dbus_3.9.bb b/recipes-security/selinux/selinux-dbus_3.10.bb
similarity index 100%
rename from recipes-security/selinux/selinux-dbus_3.9.bb
rename to recipes-security/selinux/selinux-dbus_3.10.bb
diff --git a/recipes-security/selinux/selinux-gui_3.9.bb b/recipes-security/selinux/selinux-gui_3.10.bb
similarity index 100%
rename from recipes-security/selinux/selinux-gui_3.9.bb
rename to recipes-security/selinux/selinux-gui_3.10.bb
diff --git a/recipes-security/selinux/selinux-python_3.9.bb b/recipes-security/selinux/selinux-python_3.10.bb
similarity index 100%
rename from recipes-security/selinux/selinux-python_3.9.bb
rename to recipes-security/selinux/selinux-python_3.10.bb
diff --git a/recipes-security/selinux/selinux-sandbox_3.9.bb b/recipes-security/selinux/selinux-sandbox_3.10.bb
similarity index 100%
rename from recipes-security/selinux/selinux-sandbox_3.9.bb
rename to recipes-security/selinux/selinux-sandbox_3.10.bb
diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index 1c5e158..a7f704d 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -1,7 +1,7 @@ 
 HOMEPAGE = "https://github.com/SELinuxProject"
 
 SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=main;protocol=https"
-SRCREV = "919e9e64cc4b20f5a1e4df1e38cce1bfe15aff09"
+SRCREV = "ca10fc4204ed60540d41d2499127c18ad0643f9e"
 
 S = "${UNPACKDIR}/${BP}/${BPN}"
 
diff --git a/recipes-security/selinux/semodule-utils_3.9.bb b/recipes-security/selinux/semodule-utils_3.10.bb
similarity index 100%
rename from recipes-security/selinux/semodule-utils_3.9.bb
rename to recipes-security/selinux/semodule-utils_3.10.bb