pool/libsepol
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity
163 Commits 3 Branches 0 Tags
factory
Commit Graph

163 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Ana Guerrero
0c7d7566f1 Accepting request 1331577 from security:SELinux 
- Update to version 3.10
  https://github.com/SELinuxProject/selinux/releases/tag/3.10
  * libsepol: fix TARGET and LIBSO on Darwin
  * libsepol: add bpf_token_perms polcap
  * libsepol: Fix erroneous genfscon asterisks
  * libsepol: Fix sid handling when writing out policy from binary
  * libsepol: Fix an error in the policyd validation of user datums
  * libsepol: Fix processing of levels for user rule in an optional block
  * libsepol: Fix problem with handling type attributes in role-types rule
  * libsepol: Expand role attributes when expanding instead of when linking
  * libsepol: Fix expand_role_attributes_in_attributes()
  * libsepol: Allow type attributes to be associated with other type attributes
  * libsepol: Tighten checks on MLS range and level when validating
  * libsepol: Check for an unset sensitivity in module_to_cil
  * libsepol: Handled required users in module_to_cil
  * libsepol: Fix potential NULL dereference in policydb_read()
  * libsepol: Fix potential use of an uninitialized value in link.c
  * libsepol: Fix possible use-after-free when expanding attributes
  * libsepol: Support functionfs_seclabel policycap
  * libsepol: add memfd_class capability
- keyring: Add key of Jason Zaman <jasonzaman@gmail.com> 
  * added 63191CE94183098689CAB8DB7EF137EC935B0EAF [expires: 2026-02-08]

OBS-URL: https://build.opensuse.org/request/show/1331577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=62
 2026-02-09 10:42:54 +00:00
Hu
3aeda539f4 Accepting request 1331563 from home:cahu:branches:toolchain310 
- Update to version 3.10
  https://github.com/SELinuxProject/selinux/releases/tag/3.10
  * libsepol: fix TARGET and LIBSO on Darwin
  * libsepol: add bpf_token_perms polcap
  * libsepol: Fix erroneous genfscon asterisks
  * libsepol: Fix sid handling when writing out policy from binary
  * libsepol: Fix an error in the policyd validation of user datums
  * libsepol: Fix processing of levels for user rule in an optional block
  * libsepol: Fix problem with handling type attributes in role-types rule
  * libsepol: Expand role attributes when expanding instead of when linking
  * libsepol: Fix expand_role_attributes_in_attributes()
  * libsepol: Allow type attributes to be associated with other type attributes
  * libsepol: Tighten checks on MLS range and level when validating
  * libsepol: Check for an unset sensitivity in module_to_cil
  * libsepol: Handled required users in module_to_cil
  * libsepol: Fix potential NULL dereference in policydb_read()
  * libsepol: Fix potential use of an uninitialized value in link.c
  * libsepol: Fix possible use-after-free when expanding attributes
  * libsepol: Support functionfs_seclabel policycap
  * libsepol: add memfd_class capability
- keyring: Add key of Jason Zaman <jasonzaman@gmail.com> 
  * added 63191CE94183098689CAB8DB7EF137EC935B0EAF [expires: 2026-02-08]

OBS-URL: https://build.opensuse.org/request/show/1331563
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=109
 2026-02-06 10:00:11 +00:00
Dominique Leuenberger
d69c3af365 Accepting request 1295308 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/1295308
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=61
 2025-07-24 16:34:29 +00:00
Johannes Segitz
ef90cf3419 Accepting request 1295302 from home:jsegitz:branches:security:SELinux_3.9_new 
next try for 3.9 toolchain. Addition of neveraudit causes the issues. We will have to rebuild all existing selinux modules. Dimstar is aware

OBS-URL: https://build.opensuse.org/request/show/1295302
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=107
 2025-07-23 12:18:42 +00:00
Ana Guerrero
31ec6e3ca2 Accepting request 1295052 from openSUSE:Factory 
https://bugzilla.suse.com/show_bug.cgi?id=1246831

OBS-URL: https://build.opensuse.org/request/show/1295052
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=60
 2025-07-22 10:20:49 +00:00
OBS User buildservice-autocommit
0f8094de16 Updating link to change in openSUSE:Factory/libsepol revision 60 
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=3eda3b5c5a33d3db41efff5fe788b2e6
 2025-07-22 10:20:49 +00:00
Ana Guerrero
7f21f2c653 Accepting request 1295052 from openSUSE:Factory 
https://bugzilla.suse.com/show_bug.cgi?id=1246831

OBS-URL: https://build.opensuse.org/request/show/1295052
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=60
 2025-07-22 10:20:49 +00:00
Ana Guerrero
6a40f070ee Accepting request 1294369 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/1294369
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=59
 2025-07-20 13:27:52 +00:00
Ana Guerrero
f932bb87a3 Accepting request 1294369 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/1294369
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=59
 2025-07-20 13:27:52 +00:00
Robert Frohl
ac424c1a76 Accepting request 1294338 from home:jsegitz:branches:security:SELinux_3.9 
Toolchain 3.9 update

OBS-URL: https://build.opensuse.org/request/show/1294338
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=105
 2025-07-18 12:03:44 +00:00
Ana Guerrero
c1d5aff1a7 Accepting request 1251758 from security:SELinux 
- Update to version 3.8.1
  https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
  * no source change

OBS-URL: https://build.opensuse.org/request/show/1251758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=58
 2025-03-11 19:44:11 +00:00
Ana Guerrero
7d6cf1e25d Accepting request 1251758 from security:SELinux 
- Update to version 3.8.1
  https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
  * no source change

OBS-URL: https://build.opensuse.org/request/show/1251758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=58
 2025-03-11 19:44:11 +00:00
Hu
9aca549471 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=103 2025-03-07 14:39:19 +00:00
Ana Guerrero
98294031e0 Accepting request 1245833 from security:SELinux 
update selinux userspace to 3.8

OBS-URL: https://build.opensuse.org/request/show/1245833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=57
 2025-02-14 18:20:08 +00:00
Ana Guerrero
129b13b254 Accepting request 1245833 from security:SELinux 
update selinux userspace to 3.8

OBS-URL: https://build.opensuse.org/request/show/1245833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=57
 2025-02-14 18:20:08 +00:00
Robert Frohl
ea04915b44 3.8 with correct keyfiles 
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=101
 2025-02-14 08:07:23 +00:00
Robert Frohl
83236680e4 update selinux userspace to 3.8 
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=100
 2025-02-13 15:04:34 +00:00
Ana Guerrero
19bb5384fb Accepting request 1185748 from security:SELinux 
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()

OBS-URL: https://build.opensuse.org/request/show/1185748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=56
 2024-07-12 15:04:21 +00:00
Ana Guerrero
633d879edc Accepting request 1185748 from security:SELinux 
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()

OBS-URL: https://build.opensuse.org/request/show/1185748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=56
 2024-07-12 15:04:21 +00:00
Hu
04b7156d97 Accepting request 1184295 from home:cahu:security:SELinux:userspace37 
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()

OBS-URL: https://build.opensuse.org/request/show/1184295
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=98
 2024-07-02 09:43:24 +00:00
Ana Guerrero
1bf616b307 Accepting request 1137090 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/1137090
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=55
 2024-01-08 22:43:46 +00:00
Ana Guerrero
4b24eb66b6 Accepting request 1137090 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/1137090
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=55
 2024-01-08 22:43:46 +00:00
Johannes Segitz
824d2b67a5 Accepting request 1134071 from home:cahu:branches:security:SELinux 
- Update to version 3.6
  https://github.com/SELinuxProject/selinux/releases/tag/3.6
  * struct cond_expr_t bool renamed to boolean
    The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro 
  * Add notself support for neverallow rules
  * Improve man pages
  * man pages: Remove the Russian translations
  * Add notself and other support to CIL
  * Add support for deny rules
  * Translations updated from
    https://translate.fedoraproject.org/projects/selinux/
  * Bug fixes
- Remove keys from keyring since they expired:
  - E853C1848B0185CF42864DF363A8AD4B982C4373
    Petr Lautrbach <plautrba@redhat.com>
  - 63191CE94183098689CAB8DB7EF137EC935B0EAF
    Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring: 
  - B8682847764DF60DF52D992CBC3905F235179CF1 
    Petr Lautrbach <lautrbach@redhat.com>

OBS-URL: https://build.opensuse.org/request/show/1134071
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=96
 2024-01-05 15:35:18 +00:00
Ana Guerrero
636ac52584 Accepting request 1115852 from security:SELinux 
- Enable LTO now (boo#1138813).

OBS-URL: https://build.opensuse.org/request/show/1115852
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=54
 2023-10-08 10:17:38 +00:00
Ana Guerrero
7426d873c0 Accepting request 1115852 from security:SELinux 
- Enable LTO now (boo#1138813).

OBS-URL: https://build.opensuse.org/request/show/1115852
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=54
 2023-10-08 10:17:38 +00:00
Johannes Segitz
2a04ef5726 Accepting request 1074005 from home:marxin:branches:security:SELinux 
- Enable LTO now (boo#1138813).

OBS-URL: https://build.opensuse.org/request/show/1074005
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=94
 2023-03-24 13:24:44 +00:00
Dominique Leuenberger
4fc1f208d1 Accepting request 1068398 from security:SELinux 
SELinux 3.5 toolchain

OBS-URL: https://build.opensuse.org/request/show/1068398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=53
 2023-03-07 15:48:20 +00:00
Dominique Leuenberger
6ff224ea55 Accepting request 1068398 from security:SELinux 
SELinux 3.5 toolchain

OBS-URL: https://build.opensuse.org/request/show/1068398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=53
 2023-03-07 15:48:20 +00:00
Johannes Segitz
1c117fd1ab Accepting request 1067538 from home:jsegitz:branches:security:SELinux_toolchain 
- Update to version 3.5
  * Stricter policy validation
  * do not write empty class definitions to allow simpler round-trip tests
  * reject attributes in type av rules for kernel policies
- Added additional developer key (Jason Zaman)

OBS-URL: https://build.opensuse.org/request/show/1067538
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=92
 2023-02-24 08:43:04 +00:00
Dominique Leuenberger
4c27d32d9b Accepting request 978302 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/978302
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=52
 2022-06-20 13:36:47 +00:00
Dominique Leuenberger
7f69b4a7bd Accepting request 978302 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/978302
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=52
 2022-06-20 13:36:47 +00:00
Johannes Segitz
39233ab7be Accepting request 978292 from home:jsegitz:branches:security:SELinux 
- Update to version 3.4
  * Add 'ioctl_skip_cloexec' policy capability
  * Add sepol_av_perm_to_string
  * Add policy utilities
  * Support IPv4/IPv6 address embedding
  * Hardened/added many validations
  * Add support for file types in writing out policy.conf
  * Allow optional file type in genfscon rules

OBS-URL: https://build.opensuse.org/request/show/978292
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=90
 2022-05-20 14:53:29 +00:00
Dominique Leuenberger
38f767586b Accepting request 930939 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/930939
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=51
 2021-11-15 14:26:03 +00:00
Dominique Leuenberger
cebef81001 Accepting request 930939 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/930939
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=51
 2021-11-15 14:26:03 +00:00
Johannes Segitz
390e1d8156 Accepting request 930930 from home:jsegitz:branches:security:SELinux 
- Update to version 3.3
  * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
    are all included
  * Lot of smaller fixes identified by fuzzing

OBS-URL: https://build.opensuse.org/request/show/930930
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=89
 2021-11-11 16:01:43 +00:00
Dominique Leuenberger
bd940174b3 Accepting request 907664 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/907664
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=50
 2021-07-25 18:09:04 +00:00
Dominique Leuenberger
b3e38940bf Accepting request 907664 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/907664
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=50
 2021-07-25 18:09:04 +00:00
Johannes Segitz
f811c0623e Accepting request 907663 from home:jsegitz:branches:security:SELinux 
- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
  Added CVE-2021-36087.patch

OBS-URL: https://build.opensuse.org/request/show/907663
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=88
 2021-07-22 06:49:30 +00:00
Dominique Leuenberger
b70d57bcb1 Accepting request 904154 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/904154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=49
 2021-07-09 21:56:34 +00:00
Dominique Leuenberger
a9cae8cfe7 Accepting request 904154 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/904154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=49
 2021-07-09 21:56:34 +00:00
Johannes Segitz
890b686005 Accepting request 904153 from home:jsegitz:branches:security:SELinux 
- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
  Added CVE-2021-36085.patch
- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
  Added CVE-2021-36086.patch

OBS-URL: https://build.opensuse.org/request/show/904153
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=87
 2021-07-05 12:52:59 +00:00
Dominique Leuenberger
c43f7bb493 Accepting request 878577 from security:SELinux 
big toolchain update, please stage together. so versions change, so this has high potential to break stuff. Probably best to stage it isolated

OBS-URL: https://build.opensuse.org/request/show/878577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=48
 2021-03-24 15:08:48 +00:00
Dominique Leuenberger
cae94863c8 Accepting request 878577 from security:SELinux 
big toolchain update, please stage together. so versions change, so this has high potential to break stuff. Probably best to stage it isolated

OBS-URL: https://build.opensuse.org/request/show/878577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=48
 2021-03-24 15:08:48 +00:00
Johannes Segitz
181ae34ce7 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=85 2021-03-12 07:59:16 +00:00
Dominique Leuenberger
e842990f0d Accepting request 849698 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/849698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=47
 2020-11-26 22:09:10 +00:00
Dominique Leuenberger
3c8153a9d5 Accepting request 849698 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/849698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=47
 2020-11-26 22:09:10 +00:00
Johannes Segitz
f37d678460 Accepting request 849628 from home:lnussel:usrmove 
- install to /usr (boo#1029961)

OBS-URL: https://build.opensuse.org/request/show/849628
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=83
 2020-11-20 15:12:18 +00:00
Dominique Leuenberger
dba2229a83 Accepting request 832093 from security:SELinux 
please stage with updated gcc to prevent build failures

OBS-URL: https://build.opensuse.org/request/show/832093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=46
 2020-10-06 15:07:17 +00:00
Dominique Leuenberger
09a46a0e2c Accepting request 832093 from security:SELinux 
please stage with updated gcc to prevent build failures

OBS-URL: https://build.opensuse.org/request/show/832093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=46
 2020-10-06 15:07:17 +00:00
Johannes Segitz
d690887056 Accepting request 821048 from home:jsegitz:branches:security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/821048
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=81
 2020-07-15 08:23:23 +00:00