lets think about 3.3 release

lets think about 3.3 release

[Petr Lautrbach]

Hello,

I's about 184 commits and 5 months since the last release so I think
it's time to slowly stop the development and start with 3.3 release
candidates.

According to patchwork, there are few patches in queue which need to be
reviewed, or which were reviewed and some change for requested:

* https://patchwork.kernel.org/patch/11436955/ New [RFC] libsepol,secilc,policycoreutils: add unprivileged sandboxing capability
* https://patchwork.kernel.org/patch/11668455/ New selinux: make use of variables when defining libdir and includedir

old, without any activity for a long time

* https://patchwork.kernel.org/patch/12291637/ New [v2] checkpolicy: fix the leak memory when uses xperms

changes requested

* https://patchwork.kernel.org/patch/12372487/ New [v2] libselinux: add lock callbacks
* https://patchwork.kernel.org/patch/12377593/ New libselinux/utils: drop requirement to combine compiling and linking

no response yet

* https://patchwork.kernel.org/patch/12420657/ New [userspace]  libsepol/cil: remove obsolete comment

acked, ready to be merged

* https://patchwork.kernel.org/patch/12422971/ New mcstrans: Improve mlstrans-test output

no response yet


if I missed something please tell me.


There's one issue opened on the mailing list

https://lore.kernel.org/selinux/874kc57220.fsf@defensec.nl/T/#t -
libsepol regressions

If you agree and there's no obejction I can start with preparation and
plan to release 3.3-rc1 on Wed Aug 18 2021


Petr

Re: lets think about 3.3 release

[James Carter]

On Fri, Aug 6, 2021 at 2:29 PM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> Hello,
>
> I's about 184 commits and 5 months since the last release so I think
> it's time to slowly stop the development and start with 3.3 release
> candidates.
>
> According to patchwork, there are few patches in queue which need to be
> reviewed, or which were reviewed and some change for requested:
>
> * https://patchwork.kernel.org/patch/11436955/ New [RFC] libsepol,secilc,policycoreutils: add unprivileged sandboxing capability
> * https://patchwork.kernel.org/patch/11668455/ New selinux: make use of variables when defining libdir and includedir
>
> old, without any activity for a long time
>
> * https://patchwork.kernel.org/patch/12291637/ New [v2] checkpolicy: fix the leak memory when uses xperms
>
> changes requested
>
> * https://patchwork.kernel.org/patch/12372487/ New [v2] libselinux: add lock callbacks
> * https://patchwork.kernel.org/patch/12377593/ New libselinux/utils: drop requirement to combine compiling and linking
>
> no response yet
>
> * https://patchwork.kernel.org/patch/12420657/ New [userspace]  libsepol/cil: remove obsolete comment
>
> acked, ready to be merged
>
> * https://patchwork.kernel.org/patch/12422971/ New mcstrans: Improve mlstrans-test output
>
> no response yet
>
>
> if I missed something please tell me.
>
>
> There's one issue opened on the mailing list
>
> https://lore.kernel.org/selinux/874kc57220.fsf@defensec.nl/T/#t -
> libsepol regressions
>

I am working to address this and hope to have something out in the
next couple of days. I am also working on fixing some issues with the
line mark stuff in CIL. It would be nice to have both of these in the
next release, but I don't think they need to hold things up either.
Jim

> If you agree and there's no obejction I can start with preparation and
> plan to release 3.3-rc1 on Wed Aug 18 2021
>
>
> Petr
>

Re: lets think about 3.3 release

[Dominick Grift]

James Carter <jwcart2@gmail.com> writes:

> On Fri, Aug 6, 2021 at 2:29 PM Petr Lautrbach <plautrba@redhat.com> wrote:
>>
>> Hello,
>>
>> I's about 184 commits and 5 months since the last release so I think
>> it's time to slowly stop the development and start with 3.3 release
>> candidates.
>>
>> According to patchwork, there are few patches in queue which need to be
>> reviewed, or which were reviewed and some change for requested:
>>
>> * https://patchwork.kernel.org/patch/11436955/ New [RFC]
>> libsepol,secilc,policycoreutils: add unprivileged sandboxing
>> capability
>> * https://patchwork.kernel.org/patch/11668455/ New selinux: make use of variables when defining libdir and includedir
>>
>> old, without any activity for a long time
>>
>> * https://patchwork.kernel.org/patch/12291637/ New [v2] checkpolicy: fix the leak memory when uses xperms
>>
>> changes requested
>>
>> * https://patchwork.kernel.org/patch/12372487/ New [v2] libselinux: add lock callbacks
>> * https://patchwork.kernel.org/patch/12377593/ New libselinux/utils: drop requirement to combine compiling and linking
>>
>> no response yet
>>
>> * https://patchwork.kernel.org/patch/12420657/ New [userspace]  libsepol/cil: remove obsolete comment
>>
>> acked, ready to be merged
>>
>> * https://patchwork.kernel.org/patch/12422971/ New mcstrans: Improve mlstrans-test output
>>
>> no response yet
>>
>>
>> if I missed something please tell me.
>>
>>
>> There's one issue opened on the mailing list
>>
>> https://lore.kernel.org/selinux/874kc57220.fsf@defensec.nl/T/#t -
>> libsepol regressions
>>
>
> I am working to address this and hope to have something out in the
> next couple of days. I am also working on fixing some issues with the
> line mark stuff in CIL. It would be nice to have both of these in the
> next release, but I don't think they need to hold things up either.
> Jim

It's too soon for me to start worrying about this but:

I don't care if my dssp5 policy breaks due to this regression (that is
what it is) because other than me no one probably uses it, but I also
maintain a policy for OpenWrt which relies on this functionality (or
allowing duplicate blocks, macros) and I would not want to have this
break there come 3.3.

>
>> If you agree and there's no obejction I can start with preparation and
>> plan to release 3.3-rc1 on Wed Aug 18 2021
>>
>>
>> Petr
>>

-- 
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6  E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift

Re: lets think about 3.3 release

[Nicolas Iooss]

On Mon, Aug 9, 2021 at 4:44 PM Dominick Grift
<dominick.grift@defensec.nl> wrote:
>
> James Carter <jwcart2@gmail.com> writes:
>
> > On Fri, Aug 6, 2021 at 2:29 PM Petr Lautrbach <plautrba@redhat.com> wrote:
> >>
> >> Hello,
> >>
> >> I's about 184 commits and 5 months since the last release so I think
> >> it's time to slowly stop the development and start with 3.3 release
> >> candidates.
> >>
> >> According to patchwork, there are few patches in queue which need to be
> >> reviewed, or which were reviewed and some change for requested:
> >>
> >> * https://patchwork.kernel.org/patch/11436955/ New [RFC]
> >> libsepol,secilc,policycoreutils: add unprivileged sandboxing
> >> capability
> >> * https://patchwork.kernel.org/patch/11668455/ New selinux: make use of variables when defining libdir and includedir
> >>
> >> old, without any activity for a long time
> >>
> >> * https://patchwork.kernel.org/patch/12291637/ New [v2] checkpolicy: fix the leak memory when uses xperms
> >>
> >> changes requested
> >>
> >> * https://patchwork.kernel.org/patch/12372487/ New [v2] libselinux: add lock callbacks
> >> * https://patchwork.kernel.org/patch/12377593/ New libselinux/utils: drop requirement to combine compiling and linking
> >>
> >> no response yet
> >>
> >> * https://patchwork.kernel.org/patch/12420657/ New [userspace]  libsepol/cil: remove obsolete comment
> >>
> >> acked, ready to be merged
> >>
> >> * https://patchwork.kernel.org/patch/12422971/ New mcstrans: Improve mlstrans-test output
> >>
> >> no response yet
> >>
> >>
> >> if I missed something please tell me.
> >>
> >>
> >> There's one issue opened on the mailing list
> >>
> >> https://lore.kernel.org/selinux/874kc57220.fsf@defensec.nl/T/#t -
> >> libsepol regressions
> >>
> >
> > I am working to address this and hope to have something out in the
> > next couple of days. I am also working on fixing some issues with the
> > line mark stuff in CIL. It would be nice to have both of these in the
> > next release, but I don't think they need to hold things up either.
> > Jim
>
> It's too soon for me to start worrying about this but:
>
> I don't care if my dssp5 policy breaks due to this regression (that is
> what it is) because other than me no one probably uses it, but I also
> maintain a policy for OpenWrt which relies on this functionality (or
> allowing duplicate blocks, macros) and I would not want to have this
> break there come 3.3.
>
> >
> >> If you agree and there's no obejction I can start with preparation and
> >> plan to release 3.3-rc1 on Wed Aug 18 2021

Hello,
For information I am currently on holidays with quite limited access
to my mails and will be fully "back with my test machines" on
2021-08-30. In the meantime I can participate in some reviews but I am
not willing to send patches myself. Nevertheless I will try to review
the "libsepol/cil: move the fuzz target and build script to the
selinux repository" patch properly before Wednesday.

For the release, I am currently aware of two possibly-minor issues and
I do not know whether they are tracked somewhere:

1. secil2tree can output wrongly indented blocks. For example
"secil2tree -A resolve secilc/test/policy.cil" currently outputs:

(block test_ba
    (blockinherit ba)
        (roletype test_ba.r test_ba.t)
        (blockabstract z.ba)
    )
    (role test_ba.r)
    (type test_ba.t)
)

The parenthesizing "(blockinherit ba) ... )" is wrong. The
"(blockinherit ba)" could be replaced with a comment indicating that a
blockinherit was expanded.

2. semanage's gettext setup is currently incompatible with Python
3.10. More precisely
https://docs.python.org/3.8/library/gettext.html#gettext.install
indicates: "Deprecated since version 3.8, will be removed in version
3.10: The codeset parameter.". When I stumbled upon this issue, it
occured to me that the whole try-except statement in
https://github.com/SELinuxProject/selinux/blob/libsemanage-3.2/python/semanage/semanage#L34-L49
could be replaced with "import gettext" (which is a built-in module in
Python 3) and "gettext.install(PROGNAME,
localedir="/usr/share/locale")". Nevertheless I did not find time to
properly test this change, which is why I have not sent patches for it
sooner.

In my opinion, the first issue is not a release-blocker because
"secil2tree -A resolve" is not expected to output a CIL policy which
can be compiled. The second one could be, if we want to support Python
3.10 (which will be released in October) with the 3.3 release.

Thanks,
Nicolas

Re: lets think about 3.3 release

[Petr Lautrbach]

Nicolas Iooss <nicolas.iooss@m4x.org> writes:

> On Mon, Aug 9, 2021 at 4:44 PM Dominick Grift
> <dominick.grift@defensec.nl> wrote:
>>
>> James Carter <jwcart2@gmail.com> writes:
>>
>> > On Fri, Aug 6, 2021 at 2:29 PM Petr Lautrbach <plautrba@redhat.com> wrote:
>> >>
>> >> Hello,
>> >>
>> >> I's about 184 commits and 5 months since the last release so I think
>> >> it's time to slowly stop the development and start with 3.3 release
>> >> candidates.
>> >>
>> >> According to patchwork, there are few patches in queue which need to be
>> >> reviewed, or which were reviewed and some change for requested:
>> >>
>> >> * https://patchwork.kernel.org/patch/11436955/ New [RFC]
>> >> libsepol,secilc,policycoreutils: add unprivileged sandboxing
>> >> capability
>> >> * https://patchwork.kernel.org/patch/11668455/ New selinux: make use of variables when defining libdir and includedir
>> >>
>> >> old, without any activity for a long time
>> >>
>> >> * https://patchwork.kernel.org/patch/12291637/ New [v2] checkpolicy: fix the leak memory when uses xperms
>> >>
>> >> changes requested
>> >>
>> >> * https://patchwork.kernel.org/patch/12372487/ New [v2] libselinux: add lock callbacks
>> >> * https://patchwork.kernel.org/patch/12377593/ New libselinux/utils: drop requirement to combine compiling and linking
>> >>
>> >> no response yet
>> >>
>> >> * https://patchwork.kernel.org/patch/12420657/ New [userspace]  libsepol/cil: remove obsolete comment
>> >>
>> >> acked, ready to be merged
>> >>
>> >> * https://patchwork.kernel.org/patch/12422971/ New mcstrans: Improve mlstrans-test output
>> >>
>> >> no response yet
>> >>
>> >>
>> >> if I missed something please tell me.
>> >>
>> >>
>> >> There's one issue opened on the mailing list
>> >>
>> >> https://lore.kernel.org/selinux/874kc57220.fsf@defensec.nl/T/#t -
>> >> libsepol regressions
>> >>
>> >
>> > I am working to address this and hope to have something out in the
>> > next couple of days. I am also working on fixing some issues with the
>> > line mark stuff in CIL. It would be nice to have both of these in the
>> > next release, but I don't think they need to hold things up either.
>> > Jim
>>
>> It's too soon for me to start worrying about this but:
>>
>> I don't care if my dssp5 policy breaks due to this regression (that is
>> what it is) because other than me no one probably uses it, but I also
>> maintain a policy for OpenWrt which relies on this functionality (or
>> allowing duplicate blocks, macros) and I would not want to have this
>> break there come 3.3.
>>
>> >
>> >> If you agree and there's no obejction I can start with preparation and
>> >> plan to release 3.3-rc1 on Wed Aug 18 2021
>
> Hello,
> For information I am currently on holidays with quite limited access
> to my mails and will be fully "back with my test machines" on
> 2021-08-30. In the meantime I can participate in some reviews but I am
> not willing to send patches myself. Nevertheless I will try to review
> the "libsepol/cil: move the fuzz target and build script to the
> selinux repository" patch properly before Wednesday.
>
> For the release, I am currently aware of two possibly-minor issues and
> I do not know whether they are tracked somewhere:
>
> 1. secil2tree can output wrongly indented blocks. For example
> "secil2tree -A resolve secilc/test/policy.cil" currently outputs:
>
> (block test_ba
>     (blockinherit ba)
>         (roletype test_ba.r test_ba.t)
>         (blockabstract z.ba)
>     )
>     (role test_ba.r)
>     (type test_ba.t)
> )
>
> The parenthesizing "(blockinherit ba) ... )" is wrong. The
> "(blockinherit ba)" could be replaced with a comment indicating that a
> blockinherit was expanded.
>
> 2. semanage's gettext setup is currently incompatible with Python
> 3.10. More precisely
> https://docs.python.org/3.8/library/gettext.html#gettext.install
> indicates: "Deprecated since version 3.8, will be removed in version
> 3.10: The codeset parameter.". When I stumbled upon this issue, it
> occured to me that the whole try-except statement in
> https://github.com/SELinuxProject/selinux/blob/libsemanage-3.2/python/semanage/semanage#L34-L49
> could be replaced with "import gettext" (which is a built-in module in
> Python 3) and "gettext.install(PROGNAME,
> localedir="/usr/share/locale")". Nevertheless I did not find time to
> properly test this change, which is why I have not sent patches for it
> sooner.
>
> In my opinion, the first issue is not a release-blocker because
> "secil2tree -A resolve" is not expected to output a CIL policy which
> can be compiled. The second one could be, if we want to support Python
> 3.10 (which will be released in October) with the 3.3 release.
>

Thanks everybody.

Based on the input, I will not prepare rc1 tomorrow. And I'll be offline
next week so lets postpone rc1 to Wed Sep 08 2021.

Petr

Re: lets think about 3.3 release

[Petr Lautrbach]

Petr Lautrbach <plautrba@redhat.com> writes:

> Hello,
>
> I's about 184 commits and 5 months since the last release so I think
> it's time to slowly stop the development and start with 3.3 release
> candidates.


Currently patchwork contains just these patches which should be relevant
to 3.3:

https://patchwork.kernel.org/patch/12435365/ New [1/2] libsepol/cil: Improve in-statement to allow use after inheritance
https://patchwork.kernel.org/patch/12435363/ New [2/2] libsepol/secilc/docs: Update the CIL documentation

These are probably superseeded already, but I'm not sure. Please take a look.


https://patchwork.kernel.org/patch/12470297/ New [1/3,v2] libsepol/cil: Remove redundant syntax checking
https://patchwork.kernel.org/patch/12470301/ New [2/3,v2] libsepol/cil: Use size_t for len in __cil_verify_syntax()
https://patchwork.kernel.org/patch/12470299/ New [3/3,v2] libsepol/cil: Fix syntax checking in __cil_verify_syntax()

Wait for review.

So I think selinux-3.3-rc1 can be released on next Wednesday 2021-09-08

If you have any concerns, comments or suggestion, let us know.

Also I really don't understand all the changes in libsepol so please help me
to collect release notes information for it. I'll post a release notes
draft with other components later today.


Thanks,

Petr

Re: lets think about 3.3 release

[Dominick Grift]

Petr Lautrbach <plautrba@redhat.com> writes:

> Petr Lautrbach <plautrba@redhat.com> writes:
>
>> Hello,
>>
>> I's about 184 commits and 5 months since the last release so I think
>> it's time to slowly stop the development and start with 3.3 release
>> candidates.
>
>
> Currently patchwork contains just these patches which should be relevant
> to 3.3:
>
> https://patchwork.kernel.org/patch/12435365/ New [1/2] libsepol/cil:
> Improve in-statement to allow use after inheritance
> https://patchwork.kernel.org/patch/12435363/ New [2/2] libsepol/secilc/docs: Update the CIL documentation

Strictly speaking these can probably wait until after 3.3 although it would
be nice to get this in.

Maybe eventually some day in the distant future we can re-consider
disallowing duplicate macro and block declarations in favor of this functionality.

>
> These are probably superseeded already, but I'm not sure. Please take a look.
>
>
> https://patchwork.kernel.org/patch/12470297/ New [1/3,v2] libsepol/cil: Remove redundant syntax checking
> https://patchwork.kernel.org/patch/12470301/ New [2/3,v2]
> libsepol/cil: Use size_t for len in __cil_verify_syntax()
> https://patchwork.kernel.org/patch/12470299/ New [3/3,v2]
> libsepol/cil: Fix syntax checking in __cil_verify_syntax()
>
> Wait for review.
>
> So I think selinux-3.3-rc1 can be released on next Wednesday 2021-09-08
>
> If you have any concerns, comments or suggestion, let us know.
>
> Also I really don't understand all the changes in libsepol so please help me
> to collect release notes information for it. I'll post a release notes
> draft with other components later today.
>
>
> Thanks,
>
> Petr
>
>

-- 
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6  E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift

Re: lets think about 3.3 release

[James Carter]

On Fri, Sep 3, 2021 at 4:38 AM Dominick Grift
<dominick.grift@defensec.nl> wrote:
>
> Petr Lautrbach <plautrba@redhat.com> writes:
>
> > Petr Lautrbach <plautrba@redhat.com> writes:
> >
> >> Hello,
> >>
> >> I's about 184 commits and 5 months since the last release so I think
> >> it's time to slowly stop the development and start with 3.3 release
> >> candidates.
> >
> >
> > Currently patchwork contains just these patches which should be relevant
> > to 3.3:
> >
> > https://patchwork.kernel.org/patch/12435365/ New [1/2] libsepol/cil:
> > Improve in-statement to allow use after inheritance
> > https://patchwork.kernel.org/patch/12435363/ New [2/2] libsepol/secilc/docs: Update the CIL documentation
>
> Strictly speaking these can probably wait until after 3.3 although it would
> be nice to get this in.
>
> Maybe eventually some day in the distant future we can re-consider
> disallowing duplicate macro and block declarations in favor of this functionality.
>
> >
> > These are probably superseeded already, but I'm not sure. Please take a look.
> >

They are waiting for the three patches below, so they can all be
merged together.

> >
> > https://patchwork.kernel.org/patch/12470297/ New [1/3,v2] libsepol/cil: Remove redundant syntax checking
> > https://patchwork.kernel.org/patch/12470301/ New [2/3,v2]
> > libsepol/cil: Use size_t for len in __cil_verify_syntax()
> > https://patchwork.kernel.org/patch/12470299/ New [3/3,v2]
> > libsepol/cil: Fix syntax checking in __cil_verify_syntax()
> >
> > Wait for review.
> >

The only changes are what Nicolas suggested when he reviewed them, so
I don't think it will be too long before these will be merged. I don't
have anything else other than these.

Jim




> > So I think selinux-3.3-rc1 can be released on next Wednesday 2021-09-08
> >
> > If you have any concerns, comments or suggestion, let us know.
> >
> > Also I really don't understand all the changes in libsepol so please help me
> > to collect release notes information for it. I'll post a release notes
> > draft with other components later today.
> >
> >
> > Thanks,
> >
> > Petr
> >
> >
>
> --
> gpg --locate-keys dominick.grift@defensec.nl
> Key fingerprint = FCD2 3660 5D6B 9D27 7FC6  E0FF DA7E 521F 10F6 4098
> https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
> Dominick Grift

Re: lets think about 3.3 release

[Petr Lautrbach]

James Carter <jwcart2@gmail.com> writes:

> On Fri, Sep 3, 2021 at 4:38 AM Dominick Grift
> <dominick.grift@defensec.nl> wrote:
>>
>> Petr Lautrbach <plautrba@redhat.com> writes:
>>
>> > Petr Lautrbach <plautrba@redhat.com> writes:
>> >
>> >> Hello,
>> >>
>> >> I's about 184 commits and 5 months since the last release so I think
>> >> it's time to slowly stop the development and start with 3.3 release
>> >> candidates.
>> >
>> >
>> > Currently patchwork contains just these patches which should be relevant
>> > to 3.3:
>> >
>> > https://patchwork.kernel.org/patch/12435365/ New [1/2] libsepol/cil:
>> > Improve in-statement to allow use after inheritance
>> > https://patchwork.kernel.org/patch/12435363/ New [2/2] libsepol/secilc/docs: Update the CIL documentation
>>
>> Strictly speaking these can probably wait until after 3.3 although it would
>> be nice to get this in.
>>
>> Maybe eventually some day in the distant future we can re-consider
>> disallowing duplicate macro and block declarations in favor of this functionality.
>>
>> >
>> > These are probably superseeded already, but I'm not sure. Please take a look.
>> >
>
> They are waiting for the three patches below, so they can all be
> merged together.
>
>> >
>> > https://patchwork.kernel.org/patch/12470297/ New [1/3,v2] libsepol/cil: Remove redundant syntax checking
>> > https://patchwork.kernel.org/patch/12470301/ New [2/3,v2]
>> > libsepol/cil: Use size_t for len in __cil_verify_syntax()
>> > https://patchwork.kernel.org/patch/12470299/ New [3/3,v2]
>> > libsepol/cil: Fix syntax checking in __cil_verify_syntax()
>> >
>> > Wait for review.
>> >
>
> The only changes are what Nicolas suggested when he reviewed them, so
> I don't think it will be too long before these will be merged. I don't
> have anything else other than these.
>

Great, thanks!

Petr



>
>
>
>> > So I think selinux-3.3-rc1 can be released on next Wednesday 2021-09-08
>> >
>> > If you have any concerns, comments or suggestion, let us know.
>> >
>> > Also I really don't understand all the changes in libsepol so please help me
>> > to collect release notes information for it. I'll post a release notes
>> > draft with other components later today.
>> >
>> >
>> > Thanks,
>> >
>> > Petr
>> >
>> >
>>
>> --
>> gpg --locate-keys dominick.grift@defensec.nl
>> Key fingerprint = FCD2 3660 5D6B 9D27 7FC6  E0FF DA7E 521F 10F6 4098
>> https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
>> Dominick Grift

Re: lets think about 3.3 release

[Petr Lautrbach]

Petr Lautrbach <plautrba@redhat.com> writes:

> Petr Lautrbach <plautrba@redhat.com> writes:
>
>> Hello,
>>
>> I's about 184 commits and 5 months since the last release so I think
>> it's time to slowly stop the development and start with 3.3 release
>> candidates.
>
>
> Currently patchwork contains just these patches which should be relevant
> to 3.3:
>
> https://patchwork.kernel.org/patch/12435365/ New [1/2] libsepol/cil: Improve in-statement to allow use after inheritance
> https://patchwork.kernel.org/patch/12435363/ New [2/2] libsepol/secilc/docs: Update the CIL documentation
>
> These are probably superseeded already, but I'm not sure. Please take a look.
>
>
> https://patchwork.kernel.org/patch/12470297/ New [1/3,v2] libsepol/cil: Remove redundant syntax checking
> https://patchwork.kernel.org/patch/12470301/ New [2/3,v2] libsepol/cil: Use size_t for len in __cil_verify_syntax()
> https://patchwork.kernel.org/patch/12470299/ New [3/3,v2] libsepol/cil: Fix syntax checking in __cil_verify_syntax()
>
> Wait for review.
>
> So I think selinux-3.3-rc1 can be released on next Wednesday 2021-09-08
>
> If you have any concerns, comments or suggestion, let us know.
>
> Also I really don't understand all the changes in libsepol so please help me
> to collect release notes information for it. I'll post a release notes
> draft with other components later today.
>

I'm sorry but I won't make it today. I have to leave it on Monday
morning.


Petr

Re: lets think about 3.3 - 3.3-rc1 release release notes draft

[Petr Lautrbach]

I tried to pick only important things as there's a lot of fixes related
to static analysis and compiler warnings.

Please take a look and if you miss something or want improve message
let me know.

My plan is to announce 3.3-rc1 on Wed morning (CEST)




RELEASE 3.3-rc1
======================

User-visible changes
--------------------

* When reading a binary policy by checkpolicy, do not automatically change the version
  to the max policy version supported by libsepol or, if specified, the value given
  using the "-c" flag.

* `fixfiles -C` doesn't exclude /dev and /run anymore

* CIL: Lists are allowed in constraint expressions

* CIL: Improved situation with duplicate macro and block declarations

* Added the new `secilc2tree` program to write out CIL AST.

* Improved documentation

* A lot of Static code analyse issues and compiler warnings fixed

* Bug fixes


Development-relevant changes
----------------------------

* CIFuzz is turned on in CI
  https://google.github.io/oss-fuzz/getting-started/continuous-integration/

* Fedora 34 image is used in CI


Issues fixed
------------

* https://github.com/SELinuxProject/selinux/issues/293