forked from pool/checkpolicy
Hu
732ba6f16b
- Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * User-visible changes: * checkpolicy: support CIDR notation for nodecon statements * checkpolicy: provide more descriptive error messages and improve error handling * Bugfixes: * checkpolicy: handle unprintable token * checkpolicy: avoid assigning garbage values * checkpolicy: free temporary bounds type * checkpolicy: perform contiguous check in host byte order * checkpolicy: include <ctype.h> for isprint(3) * oss-fuzz fixes: * checkpolicy: add libfuzz based fuzzer * checkpolicy: free complete role_allow_rule on error * checkpolicy: free identifiers on invalid typebounds * checkpolicy: return YYerror on invalid character * checkpolicy: clone level only once OBS-URL: https://build.opensuse.org/request/show/1184291 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/checkpolicy?expand=0&rev=65
290 lines
11 KiB
Plaintext
290 lines
11 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Jul 1 07:45:50 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
|
|
|
|
- Update to version 3.7
|
|
https://github.com/SELinuxProject/selinux/releases/tag/3.7
|
|
* User-visible changes:
|
|
* checkpolicy: support CIDR notation for nodecon statements
|
|
* checkpolicy: provide more descriptive error messages and improve error handling
|
|
* Bugfixes:
|
|
* checkpolicy: handle unprintable token
|
|
* checkpolicy: avoid assigning garbage values
|
|
* checkpolicy: free temporary bounds type
|
|
* checkpolicy: perform contiguous check in host byte order
|
|
* checkpolicy: include <ctype.h> for isprint(3)
|
|
* oss-fuzz fixes:
|
|
* checkpolicy: add libfuzz based fuzzer
|
|
* checkpolicy: free complete role_allow_rule on error
|
|
* checkpolicy: free identifiers on invalid typebounds
|
|
* checkpolicy: return YYerror on invalid character
|
|
* checkpolicy: clone level only once
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 19 10:43:51 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
|
|
|
|
- Update to version 3.6
|
|
https://github.com/SELinuxProject/selinux/releases/tag/3.6
|
|
* checkpolicy: Add the command line argument -N, --disable-neverallow
|
|
* dispol: add option to display users, drop duplicate option to display booleans,
|
|
show number of entries before listing them
|
|
* dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
|
|
* dispol: add options: --actions ACTIONS, --help
|
|
* dismod: add options: --actions ACTIONS, --help
|
|
* Add notself support for neverallow rules
|
|
* Improve man pages
|
|
* man pages: Remove the Russian translations
|
|
* Add notself and other support to CIL
|
|
* Add support for deny rules
|
|
* Translations updated from
|
|
https://translate.fedoraproject.org/projects/selinux/
|
|
* Bug fixes
|
|
- Remove keys from keyring since they expired:
|
|
- E853C1848B0185CF42864DF363A8AD4B982C4373
|
|
Petr Lautrbach <plautrba@redhat.com>
|
|
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
|
|
Jason Zaman <jasonzaman@gmail.com>
|
|
- Add key to keyring:
|
|
- B8682847764DF60DF52D992CBC3905F235179CF1
|
|
Petr Lautrbach <lautrbach@redhat.com>
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 24 07:32:08 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.5
|
|
* error out if required permission would exceed limit
|
|
* Improve error message for type bounds
|
|
- Added additional developer key (Jason Zaman)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 9 10:09:06 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.4
|
|
* warn on bogus IP address or netmask in nodecon statement
|
|
* allow wildcard permissions in constraints
|
|
* mention class name on invalid permission
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 11 13:23:59 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.3
|
|
* When reading a binary policy by checkpolicy, do not automatically change the version
|
|
to the max policy version supported by libsepol or, if specified, the value given
|
|
using the "-c" flag.
|
|
* Updated documentation
|
|
* Prints the reason why opening a source policy file failed
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 9 08:59:58 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.2
|
|
* Fix a memleak and an integer overflow
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 14 08:31:15 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Update to version 3.1
|
|
* checkpolicy treats invalid characters as an error - might break rare use
|
|
cases (intentionally)
|
|
* Drop extern_te_assert_t.patch, is upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 3 12:19:40 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
|
|
|
- Update to version 3.0
|
|
* add flag to enable policy optimization
|
|
* allow to write policy to stdout
|
|
* remove a redundant if-condition
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 15 14:25:45 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
|
|
|
- Add extern_te_assert_t.patch to mark te_assert_t as extern.
|
|
Prevents build failures on gcc10 (bsc#1160259)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 20 14:58:08 UTC 2019 - jsegitz@suse.com
|
|
|
|
- Update to version 2.9
|
|
* Add option to sort contexts when creating a binary policy
|
|
* Update manpage
|
|
* check the result value of hashtable_search
|
|
* destroy the class datum if it fails to initialize
|
|
* remove extraneous policy build noise
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 11 17:19:04 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
|
|
(RPM_LD_FLAGS is always empty).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 7 16:26:24 UTC 2018 - jsegitz@suse.com
|
|
|
|
- Source URL was invalid (bsc#1115052)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 17 11:52:55 UTC 2018 - jsegitz@suse.com
|
|
|
|
- Update to version 2.8 (bsc#1111732).
|
|
For changes please see
|
|
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
|
|
- Dropped checkpolicy-build.patch, not necessary anymore
|
|
- Removed BuildRequires for byacc. It builds without and this blocks
|
|
building on SLE 15
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 11 07:48:05 UTC 2018 - jsegitz@suse.com
|
|
|
|
- checkpolicy-build.patch was added in the former change to fix build
|
|
failures
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 16 07:16:19 UTC 2018 - mcepl@suse.com
|
|
|
|
- Rebase to 2.7.
|
|
For changes please see
|
|
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 24 09:01:04 UTC 2017 - jsegitz@suse.com
|
|
|
|
- Update to version 2.6. Notable changes:
|
|
* Add types associated to a role in the current scope when parsing
|
|
* Extend checkpolicy pathname matching
|
|
* Set flex as default lexer
|
|
* Fix checkmodule output message
|
|
* Fail if module name different than output base filename
|
|
* Add support for portcon dccp protocol
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 29 21:05:43 UTC 2017 - mpluskal@suse.com
|
|
|
|
- Use plain flex
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 21 13:02:06 UTC 2016 - jengelh@inai.de
|
|
|
|
- Trim/update description
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 14 14:18:26 UTC 2016 - jsegitz@novell.com
|
|
|
|
- Without bug number no submit to SLE 12 SP2 is possible, so to make
|
|
sle-changelog-checker happy: bsc#988977
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 8 16:22:15 UTC 2016 - i@marguerite.su
|
|
|
|
- update version 2.5
|
|
* Add neverallow support for ioctl extended permissions
|
|
* fix double free on name-based type transitions
|
|
* switch operations to extended perms
|
|
* policy_define.c: fix compiler warnings
|
|
* Remove uses of -Wno-return-type
|
|
* Fix -Wreturn-type issues
|
|
* dispol: display operations as ranges
|
|
* dispol: Extend to display operations
|
|
* Add support for ioctl command whitelisting
|
|
* Add option to write CIL policy
|
|
* Add device tree ocontext nodes to Xen policy
|
|
* Widen Xen IOMEM context entries
|
|
* Expand allowed character set in paths
|
|
* Fix precedence between number and filesystem tokens
|
|
* dispol/dismod fgets function warnings fix
|
|
- changes in 2.4
|
|
* Fix bugs found by hardened gcc flags
|
|
* Add missing semicolon in cond_else parser rule
|
|
* Clear errno before call to strtol(3)
|
|
* Global C++11 compatibility
|
|
* Allow libsepol C++ static library on device
|
|
|
|
-------------------------------------------------------------------
|
|
Sun May 18 00:18:53 UTC 2014 - crrodriguez@opensuse.org
|
|
|
|
- version 2.3
|
|
* Report source file and line information for neverallow failures.
|
|
* Prevent incompatible option combinations for checkmodule.
|
|
* Drop -lselinux from LDLIBS for test programs; not used.
|
|
* Add debug feature to display constraints/validatetrans from Richard Haines.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 31 13:41:13 UTC 2013 - p.drouand@gmail.com
|
|
|
|
- Update to version 2.2
|
|
* Fix hyphen usage in man pages
|
|
* handle-unknown / -U required argument fix
|
|
* Support overriding Makefile PATH and LIBDIR
|
|
* Support space and : in filenames
|
|
- Remove checkpolicy-rhat.patch; fixed on upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 27 14:29:19 UTC 2013 - vcizek@suse.com
|
|
|
|
- change the source url to the official 2.1.12 release tarball
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 29 13:10:16 UTC 2013 - vcizek@suse.com
|
|
|
|
- update to 2.1.12
|
|
* Fix errors found by coverity
|
|
* implement default type policy syntax
|
|
* Free allocated memory when clean up / exit.
|
|
- changes in checkpolicy-rhat.patch:
|
|
* original hunk was merged upstream
|
|
* space should be allowed for file trans names
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 30 11:40:10 UTC 2013 - vcizek@suse.com
|
|
|
|
- update to 2.1.11
|
|
* fd leak reading policy
|
|
* check return code on ebitmap_set_bit
|
|
* sepolgen: We need to support files that have a + in them
|
|
* implement new default labeling behaviors for usr, role, range
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 25 11:24:54 UTC 2012 - meissner@suse.com
|
|
|
|
- updated to 2.1.8
|
|
- various fixes
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Sep 17 22:52:07 UTC 2011 - jengelh@medozas.de
|
|
|
|
- Remove redundant tags/sections from specfile
|
|
- Use %_smp_mflags for parallel build
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 25 14:51:44 UTC 2010 - prusnak@suse.cz
|
|
|
|
- updated to 2.0.21
|
|
* Add support for building Xen policies from Paul Nuzzi.
|
|
* Add long options to checkpolicy and checkmodule by Guido
|
|
Trentalancia <guido@trentalancia.com>
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 23 12:29:42 CEST 2009 - prusnak@suse.cz
|
|
|
|
- require libsepol-devel-static
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 27 13:52:37 CEST 2009 - prusnak@suse.cz
|
|
|
|
- updated to 2.0.19
|
|
* fix alias field in module format, caused by boundary format change
|
|
from Caleb Case
|
|
* properly escape regex symbols in the lexer from Stephen Smalley
|
|
* add bounds support from KaiGai Kohei
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 20 18:03:54 CEST 2008 - prusnak@suse.cz
|
|
|
|
- use flex-old for building (using flex does not build refpolicy)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 15 17:56:14 CEST 2008 - prusnak@suse.cz
|
|
|
|
- initial version 2.0.16
|
|
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>
|
|
|