From patchwork Thu May 19 18:54:16 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dominick Grift <dominick.grift@defensec.nl>
X-Patchwork-Id: 1633474
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=jqOxaU9L;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=defensec.nl header.i=@defensec.nl header.a=rsa-sha256
 header.s=default header.b=LXNgWYpq;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:e::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4L3zdc6HXDz9sGS
	for <incoming@patchwork.ozlabs.org>; Fri, 20 May 2022 04:58:12 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=C5rERKBpboEfCOt/T215weoEWvLl/ywZuboOzshEZdw=; b=jqOxaU9L1td7ZL
	MHM3EIgwjWOY3u648gzm730Xwtr5xVeTBebqTsL19PLEyiBqUhc3k80ek2krG9/79O/2H5A/Neyr0
	JCApyQk84Bl4KffO9R5UMSLsVTG2A0V8CPIFuwD8ZakoA2eeI0RZl+v0sBVnRwQyejYoA41TTd4cn
	AfPltUyaoyEAGveDf23wtQcfliTLCg6S14KgnJ+4sWkOmSDE8mPAFAEM33bZ2mD00DAs9+uz5O/Mz
	Mp7uRvyBwq6zyYc56IfKHTRdDytNJJkiqzrrZ4UGb6Vh4zMisd3caU1EzUT8LmmDUSsciT7oRWfSZ
	dKb+ZWY/XAXtWCEN/ySw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1nrlIT-0090AG-Q5; Thu, 19 May 2022 18:54:53 +0000
Received: from markus.defensec.nl ([45.80.168.93])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1nrlIP-00908o-NC
 for openwrt-devel@lists.openwrt.org; Thu, 19 May 2022 18:54:51 +0000
Received: from brutus.. (brutus.lan [IPv6:2a10:3781:2099::438])
 by markus.defensec.nl (Postfix) with ESMTPSA id 377F4FC094C;
 Thu, 19 May 2022 20:54:43 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=defensec.nl;
 s=default; t=1652986483;
 bh=QAgPmZkoWgGDy1Fu2F+Mlqi+kbon5CzdXMGA3jVvmmc=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=LXNgWYpq2prap4s+I/zLMPypZvhcsGQV+2CS6vjAXyzNq3NwVolzkfGqVV/npCi4/
 LEYkGw7pImIHg+BwnOEfVNfWDG7b6vUdn/nEqCI4z/oxWjfA6QWhxA+OOu7A6B52R7
 L5hVPFevtUB61CQ69Zc8tpdmoiOhvWBA2xpi1PyY=
From: Dominick Grift <dominick.grift@defensec.nl>
To: openwrt-devel@lists.openwrt.org
Cc: daniel@makrotopia.org,
	Dominick Grift <dominick.grift@defensec.nl>
Subject: [PATCH 4/8] checkpolicy: update to version 3.4
Date: Thu, 19 May 2022 20:54:16 +0200
Message-Id: <20220519185418.168937-5-dominick.grift@defensec.nl>
X-Mailer: git-send-email 2.36.1
In-Reply-To: <20220519185418.168937-1-dominick.grift@defensec.nl>
References: <20220519185418.168937-1-dominick.grift@defensec.nl>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220519_115450_019361_261B6905 
X-CRM114-Status: UNSURE (   7.77  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.9 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: 0a8c177d Update VERSIONs to 3.4 for release. 9e096e6e
 libsepol, checkpolicy:
 add support for self keyword in type transitions 9df28c24 Update VERSIONs
 to 3.4-rc3 for release. 5645f803 checkpolicy: ment [...]
 Content analysis details:   (-0.9 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [45.80.168.93 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

0a8c177d Update VERSIONs to 3.4 for release.
9e096e6e libsepol,checkpolicy: add support for self keyword in type transitions
9df28c24 Update VERSIONs to 3.4-rc3 for release.
5645f803 checkpolicy: mention class name on invalid permission
2a167d11 Update VERSIONs to 3.4-rc2 for release.
73562de8 Update VERSIONs to 3.4-rc1 for release.
c900816e libsepol: Populate and use policy name
4be0e2e1 checkpolicy: allow wildcard permissions in constraints
01b88ac3 checkpolicy: warn on bogus IP address or netmask in nodecon statement
8a8275a5 checkpolicy: ignore possible string truncation
cc671d6a checkpolicy: use correct unsigned format specifiers

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
 package/utils/checkpolicy/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/utils/checkpolicy/Makefile b/package/utils/checkpolicy/Makefile
index e9c10e293f..1e7cfbe541 100644
--- a/package/utils/checkpolicy/Makefile
+++ b/package/utils/checkpolicy/Makefile
@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=checkpolicy
-PKG_VERSION:=3.3
+PKG_VERSION:=3.4
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/$(PKG_VERSION)
-PKG_HASH:=25c84edfa3a10ab8cb073b97bc55cb66377532d54a2723da9accdabd05431485
+PKG_HASH:=293851b97642cbdb1040b801a2ca6edd9f7e462031ceb472c97c2e095b9572d7
 PKG_INSTALL:=1
 PKG_BUILD_DEPENDS:=libselinux
 HOST_BUILD_DEPENDS:=libselinux/host