4f3e42bcbb
- Update to version 3.3 * Fixed use-after-free in parse_module_store() * Fixed use_after_free in semanage_direct_write_langext() - Update to version 3.3 * Fixed use-after-free in parse_module_store() * Fixed use_after_free in semanage_direct_write_langext() OBS-URL: https://build.opensuse.org/request/show/930929 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=94
414 lines
16 KiB
Plaintext
414 lines
16 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Nov 11 13:26:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.3
|
|
* Fixed use-after-free in parse_module_store()
|
|
* Fixed use_after_free in semanage_direct_write_langext()
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 18 08:31:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Link to correct so version
|
|
- Minor spec file cleanups
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 17 08:29:15 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Move configuration file to separate libsemanage-conf package to allow
|
|
for parallel installation in future versions
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 9 09:09:18 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.2
|
|
* dropped old and deprecated symbols and functions
|
|
libsemanage version was bumped to libsemanage.so.2
|
|
* libsemanage tries to sync data to prevent empty files in SELinux module
|
|
store
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 29 14:37:19 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Add /var/lib/selinux
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 15 08:17:18 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Remove libsemanage-update-map-file.patch to prevent checkers from declining
|
|
the submission. Keeping the snippet in the spec file in case we try to
|
|
enable LTO again
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 14 08:36:19 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.1
|
|
* Improved manpage
|
|
* fsync final files before rename
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 16 07:08:59 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Disabled LTO again. This breaks e.g. shadow and also other packages
|
|
in security:SELinux
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 12 09:07:31 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
|
|
|
- Fix build with LTO: [bsc#1133102]
|
|
* Enable LTO (Link Time Optimization) and build with -ffat-lto-objects
|
|
* Update map file to include new symbols and remove wildcards
|
|
- Add libsemanage-update-map-file.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 4 09:57:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Drop suse_path.patch: replace it with a grep/sed logic replacing
|
|
/usr/libexec in all files with the correct value for all distros
|
|
(taking into account that openSUSE is in progress of migrating
|
|
from /usr/lib to /usr/libexec).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 29 12:51:17 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
|
|
|
- Apply suse_path.patch only for older distributions. Newer
|
|
use libexec
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 3 12:23:51 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
|
|
|
- Update to version 3.0
|
|
* Add support for DCCP and SCTP protocols
|
|
* include internal header to use the hidden function prototypes
|
|
* mark all exported function "extern"
|
|
* optionally optimize policy on rebuild
|
|
Refreshed suse_path.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 20 10:22:04 UTC 2019 - Martin Liška <mliska@suse.cz>
|
|
|
|
- Disable LTO due to symbol versioning (boo#1138812).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 20 15:10:21 UTC 2019 - jsegitz@suse.com
|
|
|
|
- Update to version 2.9
|
|
* Always set errno to 0 before calling getpwent()
|
|
* Include user name in ROLE_REMOVE audit events
|
|
* genhomedircon - improve handling large groups
|
|
* improve semanage_migrate_store import failure
|
|
* reset umask before creating directories
|
|
* set selinux policy root around calls to selinux_boolean_sub
|
|
* use previous seuser when getting the previous name
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 8 09:31:42 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Use more %make_install.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 8 07:19:24 UTC 2018 - jsegitz@suse.com
|
|
|
|
- Adjusted source urls (bsc#1115052)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 27 13:19:59 UTC 2018 - pmonrealgonzalez@suse.com
|
|
|
|
- update to version 2.8
|
|
* semanage fcontext -l now also lists home directory entries from
|
|
file_contexts.homedirs.
|
|
* libsemanage no longer deletes the tmp directory if there is an error
|
|
while committing the policy transaction, so that any temporary files
|
|
can be further inspected for debugging purposes (e.g. to examine a
|
|
particular line of the generated CIL module). The tmp directory will
|
|
be deleted upon the next transaction, so no manual removal is needed.
|
|
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
|
|
DESTDIR has to be removed from the definition. For example on Arch
|
|
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
|
|
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
|
|
|
|
- Clened with spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 8 19:07:16 UTC 2018 - rgoldwyn@suse.com
|
|
|
|
- Update to version 2.7. Changes:
|
|
* IB support
|
|
* saves linked policy and skips relinking whenever possible
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com
|
|
|
|
- Update to version 2.6. Notable changes:
|
|
* genhomedircon: do not suppress logging from libsepol
|
|
* genhomedircon: use userprefix as the role for homedir
|
|
* Fix bug preventing the installation of base modules
|
|
* Use pp module name instead of filename when installing module
|
|
* genhomedircon: remove hardcoded refpolicy strings
|
|
* genhomedircon: add support for %group syntax
|
|
* genhomedircon: generate contexts for logins mapped to the default user
|
|
* Validate and compile file contexts before installing
|
|
* Swap tcp and udp protocol numbers
|
|
* genhomedircon: %{USERID} and %{USERNAME} support and code cleanups
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org
|
|
|
|
- Split out the Policy Store Migration tool into
|
|
libsemanage-store-migrate: it is not a devel tool to start with.
|
|
Additionally, it causes the -devel package to depend on python,
|
|
which we want to avoid (libsemanabe being part of the core build
|
|
cycle). The library suggests libsemanage-store-migrate.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de
|
|
|
|
- Update RPM groups, trim description, combine filelist entries,
|
|
ensure pkgconfig() symbols are generated.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com
|
|
|
|
- Without bug number no submit to SLE 12 SP2 is possible, so to make
|
|
sle-changelog-checker happy: bsc#988977
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com
|
|
|
|
- Added suse_path.patch to fix path to hll compiler
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su
|
|
|
|
- update version 2.5
|
|
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
|
|
* Fix uninitialized variable in direct_commit and direct_api
|
|
* semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so
|
|
* Store homedir_template and users_extra in policy store
|
|
* Fix null pointer dereference in semanage_module_key_destroy
|
|
* Add semanage_module_extract() to extract a module as CIL or HLL
|
|
* semanage_migrate_store: add -r <root> option for migrating inside chroots
|
|
* Add file_contexts and seusers to the store
|
|
* Add policy binary and file_contexts.local to the store
|
|
* Allow to install compressed modules without a compression extension
|
|
* Do not copy contexts in semanage_migrate_store
|
|
* Fix logic in bunzip for uncompressed pp files
|
|
* Fix fname[] initialization in test_utilities.c
|
|
* Add remove-hll semanage.conf option to remove HLL files after
|
|
compilation to CIL
|
|
* Fix memory leaks when parsing semanage.conf
|
|
* Change bunzip to use heap instead of stack to prevent segfault on
|
|
systems with small stack size
|
|
- changes in 2.4
|
|
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
|
|
directories
|
|
* Fix bugs found by hardened gcc flags
|
|
* Add missing manpage links to security_load_policy
|
|
* Fix failing libsemanage pywrap tests
|
|
* Fix deprecation warning for bison
|
|
* Skip policy module relink when only setting booleans
|
|
* Only try to compile file contexts if they exist
|
|
* Fix memory leak when setting a custom store path
|
|
* Add semodule option to set store root path in semanage.conf and the
|
|
semodule command
|
|
* Add semanage.conf option to set an alternative root path for policy
|
|
store
|
|
* Add support for High Level Language (HLL) to CIL compilers. The HLL
|
|
compiler path is configurable, but should be placed in
|
|
/usr/libexec/selinux/hll by default
|
|
* Create a policy migration script for migrating the policy store from
|
|
/etc/selinux to /var/lib/selinux
|
|
* Add python3 support to the migration script
|
|
* Use libcil to compile modules
|
|
* Use symbolic versioning to maintain ABI compatibility for old install
|
|
functions
|
|
* Add a target-platform option to semanage.conf to control how policies
|
|
are built
|
|
* Add API to handle modules and source policies, moving module store to
|
|
/var/lib/selinux
|
|
* Only try to compile file contexts if they exist
|
|
|
|
-------------------------------------------------------------------
|
|
Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org
|
|
|
|
- version 2.3
|
|
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com
|
|
|
|
- add semanage.conf as SOURCE and install it instead of the default
|
|
one
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com
|
|
|
|
- Update to version 2.2
|
|
* Avoid duplicate list entries
|
|
* Add audit support to libsemanage
|
|
* Remove policy.kern and replace with symlink
|
|
* Apply a MAX_UID check for genhomedircon
|
|
* Fix man pages
|
|
- Add audit-devel BuildRequires; new dependency
|
|
- Add fdupes BuildRequires and use it to symlink duplicate manpages
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com
|
|
|
|
- change the source url to the official 2.1.10 release tarball
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com
|
|
|
|
- fixed source url
|
|
- removed old tarball
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com
|
|
|
|
- update to 2.1.10
|
|
* Add sefcontext_compile to compile regex everytime policy is rebuilt
|
|
* Cleanup/fix enable/disable/remove module.
|
|
* redo genhomedircon minuid
|
|
* fixes from coverity
|
|
* semanage_store: do not leak memory in semanage_exec_prog
|
|
* genhomedircon: remove useless conditional in get_home_dirs
|
|
* genhomedircon: double free in get_home_dirs
|
|
* fcontext_record: do not leak on error in semanage_fcontext_key_create
|
|
* genhomedircon: do not leak on failure in write_gen_home_dir_context
|
|
* semanage_store: do not leak fd
|
|
* genhomedircon: do not leak shells list
|
|
* semanage_store: do not leak on strdup failure
|
|
* semanage_store: rewrite for readability
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com
|
|
|
|
- update to 2.1.9
|
|
* dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream)
|
|
* libsemanage: do not set soname needlessly
|
|
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
|
|
* do boolean name substitution
|
|
* Fix segfault for building standard policies.
|
|
* remove build warning when build swig c files
|
|
* additional makefile support for rubywrap
|
|
* ignore 80 column limit for readability
|
|
* semanage_store: fix snprintf length argument by using asprintf
|
|
* Use default semanage.conf as a fallback
|
|
* use after free in python bindings
|
|
* Alternate path for semanage.conf
|
|
* do not link against libpython, this is considered bad in Debian
|
|
* Allow to build for several ruby version
|
|
* fallback-user-level
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de
|
|
|
|
- Remove obsolete defines/sections
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com
|
|
|
|
- when building "standard" (not MCS/MLS) selinux-policies,
|
|
libsemanage will crash, because "level" is NULL
|
|
(libsemanage-2.1.6-NULL_level_fix.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com
|
|
|
|
- license update: LGPL-2.1+
|
|
Could not find any LGPL-2.1 "only" licensed files in the pacakge
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com
|
|
|
|
- Updated to 2.1.6
|
|
* changes too numerous to list
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com
|
|
|
|
- cross-build fix: use %__cc macro
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de
|
|
|
|
- buildrequire libbz2-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org
|
|
|
|
- split off python bindings to separate package to reduce build
|
|
dependencies for rpm [bnc#695436]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 18 13:38:44 UTC 2011 - coolo@novell.com
|
|
|
|
- add baselibs.conf for rpm-32bit to use
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com
|
|
|
|
- disable parallel build, it breaks too often
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz
|
|
|
|
- updated to 2.0.43
|
|
* changes too numerous to list
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz
|
|
|
|
- fix assignment of wrong context [bnc#466793]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz
|
|
|
|
- updated to 2.0.31
|
|
* policy module compression (bzip) support from Dan Walsh
|
|
* hard link files between tmp/active/previous from Dan Walsh
|
|
* add semanage_mls_enabled() interface from Stephen Smalley
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz
|
|
|
|
- updated to 2.0.29
|
|
* add USER to lines to homedir_template context file
|
|
* add compression support
|
|
* allow fcontext and seuser changes without rebuilding the policy
|
|
* don't rebuild on fcontext or seuser modifications
|
|
* modify genhomedircon to skip %groupname entries
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de
|
|
|
|
- fix debug_packages_requires define
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz
|
|
|
|
- require only version, not release [bnc#429053]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz
|
|
|
|
- updated to 2.0.27
|
|
* Modify genhomedircon to skip %groupname entries.
|
|
Ultimately we need to expand them to the list of users to support
|
|
per-role homedir labeling when using the %groupname syntax.
|
|
- updated to 2.0.26
|
|
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
|
|
Strip any trailing slash before appending /*$.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de
|
|
|
|
- fix requires for debuginfo package
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz
|
|
|
|
- initial version 2.0.25
|
|
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>
|
|
|