Accepting request 1185748 from security:SELinux

- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()

OBS-URL: https://build.opensuse.org/request/show/1185748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=56

libsepol-3.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c9dc585ea94903d784d597c861cd5dce6459168f95e22b31a0eab1cdd800975a
-size 509100

libsepol-3.6.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAMACgkQRpWIHCVF
-CNEEfg//aHKtL3/mMdGCf8nJDizS0WisFmw3wx+z6R2r0Zs6umouzv9YgjmL3pUg
-LRrSgSyqYAZKXipooK0vyXhhZOnOh6kmOY3sEjR2I+4kwWQx7IzN0DFO7p/NVUo6
-GnNmGmxFhc6mEgu6926D5ACyigoB9gysyZcQxjWGQyrRM9oAlw2bBuvN+pyic+g/
-hX7KcHgki64nNXA6dfPkoTzKE+wQ83Ni0uQmo6fzNNf+XVrb1Qw6IL3cj52Iocja
-IB91wOjSJ3WyCdYxuZ2UZu2FBJbS7DNFQCDwIskdecX2gsTrrjYF2spKK1+9Uiny
-I4nt+9H7rHg/bZltnWIMUekBKKO58DmZziJ6oEUkHkc4vRBWrNJP74DHSPSA617v
-q6y7RBP8bavehOGIfqvQ7ChXxGzGXwhjpchAOAQJ7gPEXzqnI8UgzqoXKZ1Pnyod
-mUfteWBLuJlmyPcJeZ1wXBFo3G8l7ec/3nOwZ91Fn+Aw0Tx3/HS6Sm7GOYhI/uqy
-TMk29w2tpL5LS7XEQnYgxzLEY0EH4QXHuVrR08zKbDfX+UnVSePzSGqNdaXfJyI+
-sTz9d0Uaa3LK3wucPFAGTJyeszYk8FuQi7JMfq4jh3GPtC7qCwKCkrgwPQpB1coo
-WKgd/OodA2ZzTkjT28DERI7adUYjfDxXb7HQr/oW8poWePoD7yA=
-=D1Md
------END PGP SIGNATURE-----

libsepol-3.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd741e25244e7ef6cd934d633614131a266c3eaeab33d8bfa45e8a93b45cc901
+size 511487

libsepol-3.7.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
+CNGuSQ//cFEkvjL9a7cTSPE7HI66nyYK7Kd0qj9IZfZ0356U8tC17FwBgHs4PGd5
+o2k7fMBgF9cK8Eycj5JHeu5XmyfVnn+opWn+T6K8UeostDSLxSgqaUqQ5HxK6e0E
+fR5NOR/SgNs6NDZPTAp61nXPVpUng0+N73FLDAyU9Yygy3Y3bF89elLzL0M2l9lB
+CrKv79F5WSGDG8h5YBmXloCBFiT2pzSe3D1Yse8eq34AeJAoVArz1KgQgU+dBVjW
+cldkFvzvCnOkuEoFW5M4dRpc8MEXChRVEM0RmGnzamxIpnK99qN/dlgDe3sTCYi7
+Sl42IOQuFsbVVo3Tk9Nx61oQuoPqWGe+V61ZlOTryawKm84svJ6aP74E7x0bT3KD
+V1964Yw+SbPqLYXTVHG2lpBvB2O79XjQQ00AZXys7d5b2CAallNXwTeK0HrcUT5T
+CzsBCEX4i/PLxJte6MNTIbCC4lMiyvf6AOUpus949m1WEQCtFDv/3fyHfM91uA5g
+TsGzkupwqXGepDSFZyU5lyhsCup2VC/5qh9x4zhAs4SoUb/JLTpobwiW4TwBy4mp
+xijH5y7g50u3y1k9rNcW0wNDMot+ROOdTwCRqyAzpC8rzfmaVhD7qcu4zry2CeI1
+AbGP1KH319s1Ae7wygj+/xGAiYHKR4NwL/SgdenNV4xsw/sn2gg=
+=YJy0
+-----END PGP SIGNATURE-----

libsepol.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Mon Jul  1 08:01:08 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.7
+  https://github.com/SELinuxProject/selinux/releases/tag/3.7
+  * User-visible changes:
+    * libsepol: improve policy lookup failure message
+    * libsepol: include prefix for module policy versions
+    * libsepol: validate type-attribute-map for old policies
+    * libsepol: only exempt gaps checking for kernel policies
+  * Bugfixes:
+    * libsepol/src/Makefile: fix reallocarray detection
+    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
+    * libsepol: ensure transitivity in compare functions
+  * oss-fuzz fixes:
+    * libsepol: check scope permissions refer to valid class
+    * libsepol: validate attribute-type maps
+    * libsepol: reject self flag in type rules in old policies
+    * libsepol: validate class permissions
+    * libsepol: validate access vector permissions
+    * libsepol: reject MLS support in pre-MLS policies
+    * libsepol: Fix buffer overflow when using sepol_av_to_string()
+    * libsepol: Use a dynamic buffer in sepol_av_to_string()
+
 -------------------------------------------------------------------
 Tue Dec 19 09:20:58 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
 

libsepol.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libsepol
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define libname libsepol2
 
 Name:           libsepol
-Version:        3.6
+Version:        3.7
 Release:        0
 Summary:        SELinux binary policy manipulation library
 License:        LGPL-2.1-or-later