checkpolicy/checkpolicy.changes
Hu 732ba6f16b Accepting request 1184291 from home:cahu:security:SELinux:userspace37
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * checkpolicy: support CIDR notation for nodecon statements
    * checkpolicy: provide more descriptive error messages and improve error handling
  * Bugfixes:
    * checkpolicy: handle unprintable token
    * checkpolicy: avoid assigning garbage values
    * checkpolicy: free temporary bounds type
    * checkpolicy: perform contiguous check in host byte order
    * checkpolicy: include <ctype.h> for isprint(3)
  * oss-fuzz fixes:
    * checkpolicy: add libfuzz based fuzzer
    * checkpolicy: free complete role_allow_rule on error
    * checkpolicy: free identifiers on invalid typebounds
    * checkpolicy: return YYerror on invalid character
    * checkpolicy: clone level only once

OBS-URL: https://build.opensuse.org/request/show/1184291
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=65
2024-07-02 09:43:44 +00:00

290 lines
11 KiB
Plaintext

-------------------------------------------------------------------
Mon Jul 1 07:45:50 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* checkpolicy: support CIDR notation for nodecon statements
* checkpolicy: provide more descriptive error messages and improve error handling
* Bugfixes:
* checkpolicy: handle unprintable token
* checkpolicy: avoid assigning garbage values
* checkpolicy: free temporary bounds type
* checkpolicy: perform contiguous check in host byte order
* checkpolicy: include <ctype.h> for isprint(3)
* oss-fuzz fixes:
* checkpolicy: add libfuzz based fuzzer
* checkpolicy: free complete role_allow_rule on error
* checkpolicy: free identifiers on invalid typebounds
* checkpolicy: return YYerror on invalid character
* checkpolicy: clone level only once
-------------------------------------------------------------------
Tue Dec 19 10:43:51 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* checkpolicy: Add the command line argument -N, --disable-neverallow
* dispol: add option to display users, drop duplicate option to display booleans,
show number of entries before listing them
* dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
* dispol: add options: --actions ACTIONS, --help
* dismod: add options: --actions ACTIONS, --help
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
-------------------------------------------------------------------
Fri Feb 24 07:32:08 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.5
* error out if required permission would exceed limit
* Improve error message for type bounds
- Added additional developer key (Jason Zaman)
-------------------------------------------------------------------
Mon May 9 10:09:06 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.4
* warn on bogus IP address or netmask in nodecon statement
* allow wildcard permissions in constraints
* mention class name on invalid permission
-------------------------------------------------------------------
Thu Nov 11 13:23:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.3
* When reading a binary policy by checkpolicy, do not automatically change the version
to the max policy version supported by libsepol or, if specified, the value given
using the "-c" flag.
* Updated documentation
* Prints the reason why opening a source policy file failed
-------------------------------------------------------------------
Tue Mar 9 08:59:58 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.2
* Fix a memleak and an integer overflow
-------------------------------------------------------------------
Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
- Update to version 3.1
* checkpolicy treats invalid characters as an error - might break rare use
cases (intentionally)
* Drop extern_te_assert_t.patch, is upstream
-------------------------------------------------------------------
Tue Mar 3 12:19:40 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Update to version 3.0
* add flag to enable policy optimization
* allow to write policy to stdout
* remove a redundant if-condition
-------------------------------------------------------------------
Wed Jan 15 14:25:45 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
- Add extern_te_assert_t.patch to mark te_assert_t as extern.
Prevents build failures on gcc10 (bsc#1160259)
-------------------------------------------------------------------
Wed Mar 20 14:58:08 UTC 2019 - jsegitz@suse.com
- Update to version 2.9
* Add option to sort contexts when creating a binary policy
* Update manpage
* check the result value of hashtable_search
* destroy the class datum if it fails to initialize
* remove extraneous policy build noise
-------------------------------------------------------------------
Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
(RPM_LD_FLAGS is always empty).
-------------------------------------------------------------------
Wed Nov 7 16:26:24 UTC 2018 - jsegitz@suse.com
- Source URL was invalid (bsc#1115052)
-------------------------------------------------------------------
Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com
- Update to version 2.8 (bsc#1111732).
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- Dropped checkpolicy-build.patch, not necessary anymore
- Removed BuildRequires for byacc. It builds without and this blocks
building on SLE 15
-------------------------------------------------------------------
Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com
- checkpolicy-build.patch was added in the former change to fix build
failures
-------------------------------------------------------------------
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
- Rebase to 2.7.
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
-------------------------------------------------------------------
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
- Update to version 2.6. Notable changes:
* Add types associated to a role in the current scope when parsing
* Extend checkpolicy pathname matching
* Set flex as default lexer
* Fix checkmodule output message
* Fail if module name different than output base filename
* Add support for portcon dccp protocol
-------------------------------------------------------------------
Thu Jun 29 21:05:43 UTC 2017 - mpluskal@suse.com
- Use plain flex
-------------------------------------------------------------------
Thu Jul 21 13:02:06 UTC 2016 - jengelh@inai.de
- Trim/update description
-------------------------------------------------------------------
Thu Jul 14 14:18:26 UTC 2016 - jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
sle-changelog-checker happy: bsc#988977
-------------------------------------------------------------------
Fri Jul 8 16:22:15 UTC 2016 - i@marguerite.su
- update version 2.5
* Add neverallow support for ioctl extended permissions
* fix double free on name-based type transitions
* switch operations to extended perms
* policy_define.c: fix compiler warnings
* Remove uses of -Wno-return-type
* Fix -Wreturn-type issues
* dispol: display operations as ranges
* dispol: Extend to display operations
* Add support for ioctl command whitelisting
* Add option to write CIL policy
* Add device tree ocontext nodes to Xen policy
* Widen Xen IOMEM context entries
* Expand allowed character set in paths
* Fix precedence between number and filesystem tokens
* dispol/dismod fgets function warnings fix
- changes in 2.4
* Fix bugs found by hardened gcc flags
* Add missing semicolon in cond_else parser rule
* Clear errno before call to strtol(3)
* Global C++11 compatibility
* Allow libsepol C++ static library on device
-------------------------------------------------------------------
Sun May 18 00:18:53 UTC 2014 - crrodriguez@opensuse.org
- version 2.3
* Report source file and line information for neverallow failures.
* Prevent incompatible option combinations for checkmodule.
* Drop -lselinux from LDLIBS for test programs; not used.
* Add debug feature to display constraints/validatetrans from Richard Haines.
-------------------------------------------------------------------
Thu Oct 31 13:41:13 UTC 2013 - p.drouand@gmail.com
- Update to version 2.2
* Fix hyphen usage in man pages
* handle-unknown / -U required argument fix
* Support overriding Makefile PATH and LIBDIR
* Support space and : in filenames
- Remove checkpolicy-rhat.patch; fixed on upstream
-------------------------------------------------------------------
Thu Jun 27 14:29:19 UTC 2013 - vcizek@suse.com
- change the source url to the official 2.1.12 release tarball
-------------------------------------------------------------------
Fri Mar 29 13:10:16 UTC 2013 - vcizek@suse.com
- update to 2.1.12
* Fix errors found by coverity
* implement default type policy syntax
* Free allocated memory when clean up / exit.
- changes in checkpolicy-rhat.patch:
* original hunk was merged upstream
* space should be allowed for file trans names
-------------------------------------------------------------------
Wed Jan 30 11:40:10 UTC 2013 - vcizek@suse.com
- update to 2.1.11
* fd leak reading policy
* check return code on ebitmap_set_bit
* sepolgen: We need to support files that have a + in them
* implement new default labeling behaviors for usr, role, range
-------------------------------------------------------------------
Wed Jul 25 11:24:54 UTC 2012 - meissner@suse.com
- updated to 2.1.8
- various fixes
-------------------------------------------------------------------
Sat Sep 17 22:52:07 UTC 2011 - jengelh@medozas.de
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
-------------------------------------------------------------------
Thu Feb 25 14:51:44 UTC 2010 - prusnak@suse.cz
- updated to 2.0.21
* Add support for building Xen policies from Paul Nuzzi.
* Add long options to checkpolicy and checkmodule by Guido
Trentalancia <guido@trentalancia.com>
-------------------------------------------------------------------
Tue Jun 23 12:29:42 CEST 2009 - prusnak@suse.cz
- require libsepol-devel-static
-------------------------------------------------------------------
Wed May 27 13:52:37 CEST 2009 - prusnak@suse.cz
- updated to 2.0.19
* fix alias field in module format, caused by boundary format change
from Caleb Case
* properly escape regex symbols in the lexer from Stephen Smalley
* add bounds support from KaiGai Kohei
-------------------------------------------------------------------
Mon Oct 20 18:03:54 CEST 2008 - prusnak@suse.cz
- use flex-old for building (using flex does not build refpolicy)
-------------------------------------------------------------------
Tue Jul 15 17:56:14 CEST 2008 - prusnak@suse.cz
- initial version 2.0.16
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>