{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":20648799,"defaultBranch":"main","name":"selinux","ownerLogin":"SELinuxProject","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2014-06-09T14:09:57.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/7838867?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1699456326.0","currentOid":""},"activityList":{"items":[{"before":"017d7d5347144643be09fd918d9b15f9112bab99","after":"1f080ffd7ab24b0ad2b46f79db63d62c2ae2747c","ref":"refs/heads/main","pushedAt":"2024-07-30T17:18:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"stephensmalley","name":"Stephen Smalley","path":"/stephensmalley","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7840580?s=80&v=4"},"commit":{"message":"libsepol/sepol_compute_sid: Do not destroy uninitialized context\n\nAvoid context_destroy() on \"newcontext\" before context_init() is called.\n\nFixes:\n  libsepol-3.6/src/services.c:1335: var_decl: Declaring variable \"newcontext\" without initializer.\n  libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value \"newcontext.range.level[0].cat.node\" when calling \"context_destroy\".\n  \\# 1460|   \trc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid);\n  \\# 1461|         out:\n  \\# 1462|-> \tcontext_destroy(&newcontext);\n  \\# 1463|   \treturn rc;\n  \\# 1464|   }\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>\nReviewed-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>","shortMessageHtmlLink":"libsepol/sepol_compute_sid: Do not destroy uninitialized context"}},{"before":"84a33fb96b4876a49bfb739b9a2160d88e015209","after":"017d7d5347144643be09fd918d9b15f9112bab99","ref":"refs/heads/main","pushedAt":"2024-07-30T17:16:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"stephensmalley","name":"Stephen Smalley","path":"/stephensmalley","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7840580?s=80&v=4"},"commit":{"message":"libselinux: Fix integer comparison issues when compiling for 32-bit\n\nTrying to compile libselinux for 32-bit produces the following error:\n\nselinux_restorecon.c:1194:31: error: comparison of integer expressions of different signedness: ‘__fsword_t’ {aka ‘int’} and ‘unsigned int’ [-Werror=sign-compare]\n 1194 |         if (state.sfsb.f_type == RAMFS_MAGIC || state.sfsb.f_type == TMPFS_MAGIC ||\n      |                               ^~\n\nSince RAMFS_MAGIC = 0x858458f6 == 2240043254, which > 2^31, but < 2^32,\ncast both as uint32_t for the comparison.\n\nReported-by: Daniel Schepler\nSigned-off-by: James Carter <jwcart2@gmail.com>\nReviewed-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>","shortMessageHtmlLink":"libselinux: Fix integer comparison issues when compiling for 32-bit"}},{"before":"d96f27bf7cb918cfd3123c5281381ef8b5196ac3","after":"84a33fb96b4876a49bfb739b9a2160d88e015209","ref":"refs/heads/main","pushedAt":"2024-07-29T19:19:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"stephensmalley","name":"Stephen Smalley","path":"/stephensmalley","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7840580?s=80&v=4"},"commit":{"message":"checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix\n\nThe lower 64 bits of the subnet prefix for an ibpkeycon rule should\nall be 0's. Unfortunately the check uses the s6_addr macro which refers\nto the 16 entry array of 8-bit values in the union and does not refer\nto the correct bits.\n\nUse the s6_addr32 macro instead which refers to the 4 entry array of\n32-bit values in the union and refers to the lower 64 bits.\n\nSigned-off-by: James Carter <jwcart2@gmail.com>\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>","shortMessageHtmlLink":"checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix"}},{"before":"7974aea5e3a38385ef4ca98c33bb45515c44552b","after":"d96f27bf7cb918cfd3123c5281381ef8b5196ac3","ref":"refs/heads/main","pushedAt":"2024-07-29T11:56:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"stephensmalley","name":"Stephen Smalley","path":"/stephensmalley","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7840580?s=80&v=4"},"commit":{"message":"libsemanage: Preserve file context and ownership in policy store\n\nMake sure that file context (all parts) and ownership of\nfiles/directories in policy store does not change no matter which user\nand under which context executes policy rebuild.\n\nFixes:\n  # semodule -B\n  # ls -lZ  /etc/selinux/targeted/contexts/files\n\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 421397 Jul 11 09:57 file_contexts\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0 593470 Jul 11 09:57 file_contexts.bin\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  14704 Jul 11 09:57 file_contexts.homedirs\n-rw-r--r--. 1 root root unconfined_u:object_r:file_context_t:s0  20289 Jul 11 09:57 file_contexts.homedirs.bin\n\n  SELinux user changed from system_u to the user used to execute semodule\n\n  # capsh --user=testuser --caps=\"cap_dac_override,cap_chown+eip\" --addamb=cap_dac_override,cap_chown -- -c \"semodule -B\"\n  # ls -lZ  /etc/selinux/targeted/contexts/files\n\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 421397 Jul 19 09:10 file_contexts\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0 593470 Jul 19 09:10 file_contexts.bin\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  14704 Jul 19 09:10 file_contexts.homedirs\n-rw-r--r--. 1 testuser testuser unconfined_u:object_r:file_context_t:s0  20289 Jul 19 09:10 file_contexts.homedirs.bin\n\n  Both file context and ownership changed -- causes remote login\n  failures and other issues in some scenarios.\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>","shortMessageHtmlLink":"libsemanage: Preserve file context and ownership in policy store"}},{"before":"f398662ea19d2cf6db6cb791e3b787889e5af883","after":"7974aea5e3a38385ef4ca98c33bb45515c44552b","ref":"refs/heads/main","pushedAt":"2024-07-29T11:40:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"stephensmalley","name":"Stephen Smalley","path":"/stephensmalley","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7840580?s=80&v=4"},"commit":{"message":"libselinux/restorecon: Include <selinux/label.h>\n\nrestorecon.h uses types defined in label.h, so it needs to include\nlabel.h (or code using restorecon.h also needs to include label.h,\nwhich is not practical).\n\nFixes:\n  $ make DESTDIR=~/obj install > make.out\nIn file included from semanage_store.c:39:\n/home/sdsmall/obj/usr/include/selinux/restorecon.h:137:52: error:\n‘struct selabel_handle’ declared inside parameter list will not be\nvisible outside of this definition or declaration [-Werror]\n  137 | extern void selinux_restorecon_set_sehandle(struct\nselabel_handle *hndl);\n      |                                                    ^~~~~~~~~~~~~~\ncc1: all warnings being treated as errors\nmake[2]: *** [Makefile:111: semanage_store.o] Error 1\nmake[1]: *** [Makefile:15: install] Error 2\nmake: *** [Makefile:40: install] Error 1\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>\nAcked-by: Stephen Smalley <stephen.smalley.work@gmail.com>","shortMessageHtmlLink":"libselinux/restorecon: Include &lt;selinux/label.h&gt;"}},{"before":"2eb286bc0841791043567437ba5413f3014fb94e","after":"f398662ea19d2cf6db6cb791e3b787889e5af883","ref":"refs/heads/main","pushedAt":"2024-07-22T10:24:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"libselinux: set free'd data to NULL\n\nFixes segfault in selabel_open() on systems with SELinux disabled and without any\nSELinux policy installed introduced by commit 5876aca0484f (\"libselinux: free\ndata on selabel open failure\"):\n\n    $ sestatus\n    SELinux status:                 disabled\n\n    $ cat /etc/selinux/config\n    cat: /etc/selinux/config: No such file or directory\n\n    $ matchpathcon /abc\n    [1]    907999 segmentation fault (core dumped)  matchpathcon /abc\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libselinux: set free'd data to NULL"}},{"before":"589e2dba72f43714f4f216aa1683803684b66f1e","after":"2eb286bc0841791043567437ba5413f3014fb94e","ref":"refs/heads/main","pushedAt":"2024-06-26T15:41:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Release 3.7\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"Release 3.7"}},{"before":"e6c99f34a1c93f2e9f56a7fbe3e0e0c17aa7e12f","after":"589e2dba72f43714f4f216aa1683803684b66f1e","ref":"refs/heads/main","pushedAt":"2024-06-21T18:06:48.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libsepol: check scope permissions refer to valid class\n\nValidate that the permission maps in the scope index refer to a valid\nclass datum.  Otherwise since commit 52e5c306 (\"libsepol: move unchanged\ndata out of loop\") this can lead to a NULL dereference in the class\nexistence check during linking.\n\nReported-by: oss-fuzz (issue 69655)\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libsepol: check scope permissions refer to valid class"}},{"before":"f55f76484b21dd9d3bf105226e8ef6ff6d4a1e9c","after":"e6c99f34a1c93f2e9f56a7fbe3e0e0c17aa7e12f","ref":"refs/heads/main","pushedAt":"2024-06-20T12:58:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.7-rc3 for release.\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"Update VERSIONs to 3.7-rc3 for release."}},{"before":"9ef1a83563c19eae5a09836623de91e66a640554","after":"f55f76484b21dd9d3bf105226e8ef6ff6d4a1e9c","ref":"refs/heads/main","pushedAt":"2024-06-14T14:08:31.000Z","pushType":"push","commitsCount":12,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libselinux: constify avc_open(3) parameter\n\nThe option array passed to avc_open(3) is only read from.\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libselinux: constify avc_open(3) parameter"}},{"before":"2c9007f2275ac470bdeb353bcde1ccb082380c1f","after":"9ef1a83563c19eae5a09836623de91e66a640554","ref":"refs/heads/main","pushedAt":"2024-06-05T18:44:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.7-rc2 for release.\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"Update VERSIONs to 3.7-rc2 for release."}},{"before":"804e52b7f8a3c8649615211a961ef8189fe73f39","after":"2c9007f2275ac470bdeb353bcde1ccb082380c1f","ref":"refs/heads/main","pushedAt":"2024-06-05T17:48:58.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"sandbox: Add support for Wayland\n\n- use XWayland for X application if it's run in Wayland session\n- run Wayland apps directly if it's run in Wayland session\n- add sandbox -Y option to run run Wayland application\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"sandbox: Add support for Wayland"}},{"before":"6a223cb1c2ba26246c704f3f99a067ca75fef661","after":"804e52b7f8a3c8649615211a961ef8189fe73f39","ref":"refs/heads/main","pushedAt":"2024-05-24T13:47:40.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"checkpolicy: support CIDR notation for nodecon statements\n\nSupport the Classless Inter-Domain Routing (CIDR) notation for IP\naddresses with their associated network masks in nodecon statements.\nThe two following statements are equivalent:\n\n    nodecon 10.8.0.0 255.255.0.0 USER1:ROLE1:TYPE1\n    nodecon 10.8.0.0/16          USER1:ROLE1:TYPE1\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"checkpolicy: support CIDR notation for nodecon statements"}},{"before":"1f173f8efab8e9931898d924057bd0ea8da759b7","after":"6a223cb1c2ba26246c704f3f99a067ca75fef661","ref":"refs/heads/main","pushedAt":"2024-05-22T15:51:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.7-rc1 for release.\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"Update VERSIONs to 3.7-rc1 for release."}},{"before":"e81a05a5050354261049cc7b5987372e763fc5f4","after":"1f173f8efab8e9931898d924057bd0ea8da759b7","ref":"refs/heads/main","pushedAt":"2024-05-02T18:03:18.000Z","pushType":"push","commitsCount":12,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)\n\nlibsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function \"cil_malloc\".\nlibsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: \"mls_level\" = storage returned from \"cil_malloc(24UL)\".\nlibsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource \"mls_level\" is not freed or pointed-to in \"mls_level_init\".\nlibsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource \"mls_level\" is not freed or pointed-to in \"mls_level_cpy\".\nlibsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable \"mls_level\" going out of scope leaks the storage it points to.\n\nSigned-off-by: Vit Mojzis <vmojzis@redhat.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)"}},{"before":"39b3cc51350a4ba670f9f38493311ec316e4d84d","after":"e81a05a5050354261049cc7b5987372e763fc5f4","ref":"refs/heads/main","pushedAt":"2024-04-04T16:21:04.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libsepol: constify function pointer arrays\n\nThe function pointer arrays are never changed, declare them const.\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libsepol: constify function pointer arrays"}},{"before":"5937e9bd26acc13103df38651683d0389bca6ecb","after":"39b3cc51350a4ba670f9f38493311ec316e4d84d","ref":"refs/heads/main","pushedAt":"2024-03-27T19:06:40.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"checkpolicy: handle unprintable token\n\nIn case the erroneous token is unprintable, e.g. a control character,\nprint its hex value instead.\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"checkpolicy: handle unprintable token"}},{"before":"8c9d2d656b35e913f33f723aaaf90cc4ee71a335","after":"5937e9bd26acc13103df38651683d0389bca6ecb","ref":"refs/heads/main","pushedAt":"2024-03-20T20:03:35.000Z","pushType":"push","commitsCount":14,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"audit2allow: CIL output mode\n\nNew flag -C for audit2allow sets output format to CIL instead of\nPolicy Language.\n\nExample:\n;============= mozilla_t ==============\n\n;!!!! This avc is allowed in the current policy\n(allow mozilla_t user_sudo_t (fd (use)))\n\n;============= user_t ==============\n\n;!!!! This avc can be allowed using the boolean 'allow_execmem'\n(allow user_t self (process (execmem)))\n(allow user_t chromium_t (process (noatsecure rlimitinh siginh)))\n\n;!!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access.\n;Constraint rule:\n;       constrain dir { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute quotaon mounton audit_access open execmod watch watch_mount watch_sb watch_with_perm watch_reads add_name remove_name reparent search rmdir } ((u1 == u2 -Fail-)  or (u1 == system_u -Fail-)  or (u1 == unconfined_u -Fail-)  or (u1 == sysadm_u -Fail-)  or (u2 == system_u -Fail-)  or (t1 != ubac_constrained_type -Fail-)  or (t2 != ubac_constrained_type -Fail-)  or (t1 == ubacfile -Fail-) ); Constraint DENIED\n\n;       Possible cause is the source user (user_u) and target user (sysadm_u) are different.\n(allow user_t user_home_dir_t (dir (getattr relabelto)))\n\nSigned-off-by: Topi Miettinen <toiwoton@gmail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"audit2allow: CIL output mode"}},{"before":"fe16f586d5e1da78e4374fdd5ff938524dd792d0","after":"8c9d2d656b35e913f33f723aaaf90cc4ee71a335","ref":"refs/heads/main","pushedAt":"2024-03-07T14:12:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"checkpolicy/fuzz: Update check_level() to use notdefined field\n\nCommit fe16f586 (Fix potential double free of mls_level_t) renamed\nthe \"defined\" field to \"notdefined\", but did not update this use of\nit.\n\nUse the new field \"notdefined\" for the check.\n\nSigned-off-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"checkpolicy/fuzz: Update check_level() to use notdefined field"}},{"before":"82195e77e317d322dd9b5fc31d402462d6845357","after":"fe16f586d5e1da78e4374fdd5ff938524dd792d0","ref":"refs/heads/main","pushedAt":"2024-03-04T19:11:56.000Z","pushType":"push","commitsCount":20,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"checkpolicy, libsepol: Fix potential double free of mls_level_t\n\nIn checkpolicy, a sensitivity that has one or more aliases will\ntemporarily share the mls_level_t structure with its aliases until\na level statement is processed for the sensitivity (or one of the\naliases) and the aliases are updated to have their own mls_level_t\nstructure. If the policydb is destroyed while they are sharing the\nmls_level_t structure, then a double free of the shared mls_level_t\nwill occur. This does not currently occur only because checkpolicy\ndoes very little clean-up before exiting.\n\nThe \"defined\" field of the level_datum_t is set after a level\nstatement is processed for a sensitivity and its aliases. This means\nthat we know an alias has its own mls_level_t if the \"defined\" field\nis set. The double free can be avoided by not destroying the\nmls_leve_t structure for an alias unless the \"defined\" field is set.\n\nSince the \"defined\" field is only set to false while the mls_level_t\nstructure is being shared, it would be clearer to rename the field\nas \"notdefined\". It would only be set during the time the sensitivity\nand its aliases are sharing the mls_level_t structure. Outside of\ncheckpolicy, the \"notdefined\" field will always be set to 0.\n\nAlso, do more validation of the level_datum_t when validating the\npolicydb.\n\nSigned-off-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"checkpolicy, libsepol: Fix potential double free of mls_level_t"}},{"before":"97fa708d867ecb26e8d1c766760947f8e3b9e59a","after":"82195e77e317d322dd9b5fc31d402462d6845357","ref":"refs/heads/main","pushedAt":"2024-01-25T19:53:40.000Z","pushType":"push","commitsCount":18,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libselinux: use reentrant strtok_r(3)\n\nUse the reentrant version strtok_r(3) instead of strtok(3) to avoid\npotential data races with concurrent threads.\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libselinux: use reentrant strtok_r(3)"}},{"before":"5939fb960ba45294ee419a73919690652767f7c0","after":"97fa708d867ecb26e8d1c766760947f8e3b9e59a","ref":"refs/heads/main","pushedAt":"2023-12-13T14:56:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.6 for release.\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"Update VERSIONs to 3.6 for release."}},{"before":"89dd980c1e9a800f104c1db2b4c9e77be532ca35","after":"5939fb960ba45294ee419a73919690652767f7c0","ref":"refs/heads/main","pushedAt":"2023-12-12T16:42:22.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libselinux: state setexecfilecon(3) sets errno on failure\n\nThe other functions (getexeccon(3) and setexeccon(3)) from the man page\nalso set errno on failure similar to the getcon(3) function family.\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libselinux: state setexecfilecon(3) sets errno on failure"}},{"before":"0f5a8dd3ac8226264dc01df6bd0eca8ae7443db6","after":"89dd980c1e9a800f104c1db2b4c9e77be532ca35","ref":"refs/heads/main","pushedAt":"2023-12-06T20:53:31.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"Add CPPFLAGS to Makefiles\n\nThis patch adds CPPFLAGS to all of the Makefiles as suggested.\n\nSigned-off-by: Cameron Williams <ckwilliams.work@gmail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"Add CPPFLAGS to Makefiles"}},{"before":"fdb536f38de2a891a49fd015ccbf46a08f6c680c","after":"0f5a8dd3ac8226264dc01df6bd0eca8ae7443db6","ref":"refs/heads/main","pushedAt":"2023-11-22T15:20:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.6-rc2 for release.\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"Update VERSIONs to 3.6-rc2 for release."}},{"before":"4f6a3abc4f681f7b8e360ace77eb29554d446cca","after":"fdb536f38de2a891a49fd015ccbf46a08f6c680c","ref":"refs/heads/main","pushedAt":"2023-11-21T14:07:47.000Z","pushType":"push","commitsCount":19,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libsepol: avoid fixed sized format buffer for xperms\n\nAn extended access vector rule can consist of many individual ranges of\npermissions.  Use a dynamically growing sized buffer for formatting such\nrules instead of a static buffer to avoid write failures due to\ntruncations.\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libsepol: avoid fixed sized format buffer for xperms"}},{"before":"1aaf59434652b67e0ffadc9c796912ac7af8d05d","after":"4f6a3abc4f681f7b8e360ace77eb29554d446cca","ref":"refs/heads/main","pushedAt":"2023-11-16T14:54:46.000Z","pushType":"push","commitsCount":19,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libsepol: validate common classes have at least one permissions\n\nThe traditional language and CIL permit common classes only to be\ndefined with at least one permission.  Thus writing a common class\nwithout one will fail.\n\nReported-by: oss-fuzz (issue 64059)\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libsepol: validate common classes have at least one permissions"}},{"before":"489197c419dad9994ed57dc06097c8e9103c7a09","after":"1aaf59434652b67e0ffadc9c796912ac7af8d05d","ref":"refs/heads/main","pushedAt":"2023-11-08T15:12:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"bachradsusi","name":"Petr Lautrbach","path":"/bachradsusi","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8234493?s=80&v=4"},"commit":{"message":"Update VERSIONs to 3.6-rc1 for release.\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>","shortMessageHtmlLink":"Update VERSIONs to 3.6-rc1 for release."}},{"before":"6df403d5976d234f9f971fdd26d12c9de4fc98bd","after":"489197c419dad9994ed57dc06097c8e9103c7a09","ref":"refs/heads/main","pushedAt":"2023-11-07T21:38:50.000Z","pushType":"push","commitsCount":14,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"Update translations\n\nSource: https://translate.fedoraproject.org/projects/selinux/\n\nSigned-off-by: Petr Lautrbach <lautrbach@redhat.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"Update translations"}},{"before":"e60939110598e1a143998daf80b8e9161c156586","after":"6df403d5976d234f9f971fdd26d12c9de4fc98bd","ref":"refs/heads/main","pushedAt":"2023-10-12T17:47:25.000Z","pushType":"push","commitsCount":21,"pusher":{"login":"jwcart2","name":"James Carter","path":"/jwcart2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/11771386?s=80&v=4"},"commit":{"message":"libselinux: set errno on label lookup failure\n\nselabel_lookup(3) is expected to set errno on lookup failure, i.e. when\nit returns NULL.  Set errno if a regular expression failed to compile in\ncompile_regex().\n\nSigned-off-by: Christian Göttsche <cgzones@googlemail.com>\nAcked-by: James Carter <jwcart2@gmail.com>","shortMessageHtmlLink":"libselinux: set errno on label lookup failure"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEjT600AA","startCursor":null,"endCursor":null}},"title":"Activity · SELinuxProject/selinux"}