Packages changed:
  checkpolicy (3.6 -> 3.7)
  coreutils
  coreutils-systemd
  kernel-firmware-nvidia-gspx-G06
  libselinux (3.6 -> 3.7)
  libselinux-bindings (3.6 -> 3.7)
  libsemanage (3.6 -> 3.7)
  libsepol (3.6 -> 3.7)
  openSUSE-release (20240711 -> 20240712)
  policycoreutils (3.6 -> 3.7)
  python-semanage (3.6 -> 3.7)
  restorecond (3.6 -> 3.7)

=== Details ===

==== checkpolicy ====
Version update (3.6 -> 3.7)

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * checkpolicy: support CIDR notation for nodecon statements
    * checkpolicy: provide more descriptive error messages and improve error handling
  * Bugfixes:
    * checkpolicy: handle unprintable token
    * checkpolicy: avoid assigning garbage values
    * checkpolicy: free temporary bounds type
    * checkpolicy: perform contiguous check in host byte order
    * checkpolicy: include for isprint(3)
  * oss-fuzz fixes:
    * checkpolicy: add libfuzz based fuzzer
    * checkpolicy: free complete role_allow_rule on error
    * checkpolicy: free identifiers on invalid typebounds
    * checkpolicy: return YYerror on invalid character
    * checkpolicy: clone level only once

==== coreutils ====
Subpackages: coreutils-lang

- coreutils-i18n.patch: fold(1): fix exit code for non-existent file.
  The exit code of fold(1) was zero for non-existent file:
    $ fold badfile; echo $?
    fold: badfile: No such file or directory
    0
  The bug was introduced by the downstream I18N patch. (rhbz#2296201)

==== coreutils-systemd ====

- coreutils-i18n.patch: fold(1): fix exit code for non-existent file.
  The exit code of fold(1) was zero for non-existent file:
    $ fold badfile; echo $?
    fold: badfile: No such file or directory
    0
  The bug was introduced by the downstream I18N patch. (rhbz#2296201)

==== kernel-firmware-nvidia-gspx-G06 ====

- due to maintenance process we can switch to noarch only for new
  products; so do this only for sle15-sp7 or later

==== libselinux ====
Version update (3.6 -> 3.7)
Subpackages: libselinux1 libselinux1-32bit selinux-tools

- Fix segfault caused by upstream changes in selabel_open():
  libselinux-set-free-d-data-to-NULL.patch
  Can be removed once it is upstream.
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes
    * libselinux/utils/selabel_digest: drop unsupported option -d
    * libselinux/utils: improve compute_av output
    * libselinux: fail selabel_open(3) on invalid option
    * Improved man pages
  * Improvements
    * libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
    * libselinux: enable usage with pedantic UB sanitizers
    * libselinux: support huge passwd/group entries
  * Bugfixes:
    * libselinux/utils/selabel_digest: avoid buffer overflow
    * libselinux: avoid pointer dereference before check
    * libselinux/utils/selabel_digest: pass BASEONLY only for file backend
    * libselinux: free empty scandir(3) result
    * libselinux: free data on selabel open failure
    * libselinux: use reentrant strtok_r(3)

==== libselinux-bindings ====
Version update (3.6 -> 3.7)

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes
    * libselinux/utils/selabel_digest: drop unsupported option -d
    * libselinux/utils: improve compute_av output
    * libselinux: fail selabel_open(3) on invalid option
    * Improved man pages
  * Improvements
    * libselinux, libsepol: Add CFLAGS and LDFLAGS to Makefile checks
    * libselinux: enable usage with pedantic UB sanitizers
    * libselinux: support huge passwd/group entries
  * Bugfixes:
    * libselinux/utils/selabel_digest: avoid buffer overflow
    * libselinux: avoid pointer dereference before check
    * libselinux/utils/selabel_digest: pass BASEONLY only for file backend
    * libselinux: free empty scandir(3) result
    * libselinux: free data on selabel open failure
    * libselinux: use reentrant strtok_r(3)

==== libsemanage ====
Version update (3.6 -> 3.7)
Subpackages: libsemanage-conf libsemanage2

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * Bugfixes:
    * libsemanage: support huge passwd entries

==== libsepol ====
Version update (3.6 -> 3.7)

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()

==== openSUSE-release ====
Version update (20240711 -> 20240712)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== policycoreutils ====
Version update (3.6 -> 3.7)
Subpackages: policycoreutils-lang policycoreutils-python-utils python311-policycoreutils

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  User-visible changes:
    * audit2allow -C for CIL output mode
    * sepolgen: adjust parse for refpolicy
  * Bugfixes:
    * fixfiles: drop unnecessary \ line endings
    * setfiles: avoid unsigned integer underflow
    * python/semanage: Do not sort local fcontext definitions
    * python/semanage: Allow modifying records on "add"
- Refresh get_os_version.patch

==== python-semanage ====
Version update (3.6 -> 3.7)

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * Bugfixes:
    * libsemanage: support huge passwd entries

==== restorecond ====
Version update (3.6 -> 3.7)

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * no changes from 3.6, only version changed to 3.7