------------------------------------------------------------------- Fri Nov 24 09:14:13 UTC 2017 - jsegitz@suse.com - Update to version 2.6. Notable changes: * genhomedircon: do not suppress logging from libsepol * genhomedircon: use userprefix as the role for homedir * Fix bug preventing the installation of base modules * Use pp module name instead of filename when installing module * genhomedircon: remove hardcoded refpolicy strings * genhomedircon: add support for %group syntax * genhomedircon: generate contexts for logins mapped to the default user * Validate and compile file contexts before installing * Swap tcp and udp protocol numbers * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups ------------------------------------------------------------------- Mon Dec 12 14:59:36 UTC 2016 - dimstar@opensuse.org - Split out the Policy Store Migration tool into libsemanage-store-migrate: it is not a devel tool to start with. Additionally, it causes the -devel package to depend on python, which we want to avoid (libsemanabe being part of the core build cycle). The library suggests libsemanage-store-migrate. ------------------------------------------------------------------- Sun Jul 17 15:17:39 UTC 2016 - jengelh@inai.de - Update RPM groups, trim description, combine filelist entries, ensure pkgconfig() symbols are generated. ------------------------------------------------------------------- Thu Jul 14 14:20:12 UTC 2016 - jsegitz@novell.com - Without bug number no submit to SLE 12 SP2 is possible, so to make sle-changelog-checker happy: bsc#988977 ------------------------------------------------------------------- Wed Jul 13 09:43:28 UTC 2016 - jsegitz@novell.com - Added suse_path.patch to fix path to hll compiler ------------------------------------------------------------------- Fri Jul 8 15:24:49 UTC 2016 - i@marguerite.su - update version 2.5 * Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss. * Fix uninitialized variable in direct_commit and direct_api * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so * Store homedir_template and users_extra in policy store * Fix null pointer dereference in semanage_module_key_destroy * Add semanage_module_extract() to extract a module as CIL or HLL * semanage_migrate_store: add -r option for migrating inside chroots * Add file_contexts and seusers to the store * Add policy binary and file_contexts.local to the store * Allow to install compressed modules without a compression extension * Do not copy contexts in semanage_migrate_store * Fix logic in bunzip for uncompressed pp files * Fix fname[] initialization in test_utilities.c * Add remove-hll semanage.conf option to remove HLL files after compilation to CIL * Fix memory leaks when parsing semanage.conf * Change bunzip to use heap instead of stack to prevent segfault on systems with small stack size - changes in 2.4 * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different directories * Fix bugs found by hardened gcc flags * Add missing manpage links to security_load_policy * Fix failing libsemanage pywrap tests * Fix deprecation warning for bison * Skip policy module relink when only setting booleans * Only try to compile file contexts if they exist * Fix memory leak when setting a custom store path * Add semodule option to set store root path in semanage.conf and the semodule command * Add semanage.conf option to set an alternative root path for policy store * Add support for High Level Language (HLL) to CIL compilers. The HLL compiler path is configurable, but should be placed in /usr/libexec/selinux/hll by default * Create a policy migration script for migrating the policy store from /etc/selinux to /var/lib/selinux * Add python3 support to the migration script * Use libcil to compile modules * Use symbolic versioning to maintain ABI compatibility for old install functions * Add a target-platform option to semanage.conf to control how policies are built * Add API to handle modules and source policies, moving module store to /var/lib/selinux * Only try to compile file contexts if they exist ------------------------------------------------------------------- Sun May 18 00:10:55 UTC 2014 - crrodriguez@opensuse.org - version 2.3 * Fix memory leak in semanage_genhomedircon from Thomas Hurd. ------------------------------------------------------------------- Tue Feb 11 10:12:55 UTC 2014 - vcizek@suse.com - add semanage.conf as SOURCE and install it instead of the default one ------------------------------------------------------------------- Thu Oct 31 13:55:06 UTC 2013 - p.drouand@gmail.com - Update to version 2.2 * Avoid duplicate list entries * Add audit support to libsemanage * Remove policy.kern and replace with symlink * Apply a MAX_UID check for genhomedircon * Fix man pages - Add audit-devel BuildRequires; new dependency - Add fdupes BuildRequires and use it to symlink duplicate manpages ------------------------------------------------------------------- Thu Jun 27 14:56:37 UTC 2013 - vcizek@suse.com - change the source url to the official 2.1.10 release tarball ------------------------------------------------------------------- Thu Apr 4 19:29:33 UTC 2013 - vcizek@suse.com - fixed source url - removed old tarball ------------------------------------------------------------------- Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com - update to 2.1.10 * Add sefcontext_compile to compile regex everytime policy is rebuilt * Cleanup/fix enable/disable/remove module. * redo genhomedircon minuid * fixes from coverity * semanage_store: do not leak memory in semanage_exec_prog * genhomedircon: remove useless conditional in get_home_dirs * genhomedircon: double free in get_home_dirs * fcontext_record: do not leak on error in semanage_fcontext_key_create * genhomedircon: do not leak on failure in write_gen_home_dir_context * semanage_store: do not leak fd * genhomedircon: do not leak shells list * semanage_store: do not leak on strdup failure * semanage_store: rewrite for readability ------------------------------------------------------------------- Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com - update to 2.1.9 * dropped libsemanage-2.1.6-NULL_level_fix.patch (fixed upstream) * libsemanage: do not set soname needlessly * libsemanage: remove PYTHONLIBDIR and ruby equivalent * do boolean name substitution * Fix segfault for building standard policies. * remove build warning when build swig c files * additional makefile support for rubywrap * ignore 80 column limit for readability * semanage_store: fix snprintf length argument by using asprintf * Use default semanage.conf as a fallback * use after free in python bindings * Alternate path for semanage.conf * do not link against libpython, this is considered bad in Debian * Allow to build for several ruby version * fallback-user-level ------------------------------------------------------------------- Mon Jan 7 21:43:31 UTC 2013 - jengelh@inai.de - Remove obsolete defines/sections ------------------------------------------------------------------- Wed Oct 24 16:36:25 UTC 2012 - vcizek@suse.com - when building "standard" (not MCS/MLS) selinux-policies, libsemanage will crash, because "level" is NULL (libsemanage-2.1.6-NULL_level_fix.patch) ------------------------------------------------------------------- Mon Aug 27 13:49:45 UTC 2012 - cfarrell@suse.com - license update: LGPL-2.1+ Could not find any LGPL-2.1 "only" licensed files in the pacakge ------------------------------------------------------------------- Wed Aug 1 07:54:33 UTC 2012 - meissner@suse.com - Updated to 2.1.6 * changes too numerous to list ------------------------------------------------------------------- Wed Oct 5 15:10:27 UTC 2011 - uli@suse.com - cross-build fix: use %__cc macro ------------------------------------------------------------------- Thu Sep 22 13:14:39 CEST 2011 - dmueller@suse.de - buildrequire libbz2-devel ------------------------------------------------------------------- Mon May 23 14:15:42 UTC 2011 - prusnak@opensuse.org - split off python bindings to separate package to reduce build dependencies for rpm [bnc#695436] ------------------------------------------------------------------- Wed May 18 13:38:44 UTC 2011 - coolo@novell.com - add baselibs.conf for rpm-32bit to use ------------------------------------------------------------------- Wed Feb 23 05:42:43 UTC 2011 - coolo@novell.com - disable parallel build, it breaks too often ------------------------------------------------------------------- Thu Feb 25 14:59:32 UTC 2010 - prusnak@suse.cz - updated to 2.0.43 * changes too numerous to list ------------------------------------------------------------------- Fri Jan 16 14:24:38 CET 2009 - prusnak@suse.cz - fix assignment of wrong context [bnc#466793] ------------------------------------------------------------------- Wed Jan 14 14:06:28 CET 2009 - prusnak@suse.cz - updated to 2.0.31 * policy module compression (bzip) support from Dan Walsh * hard link files between tmp/active/previous from Dan Walsh * add semanage_mls_enabled() interface from Stephen Smalley ------------------------------------------------------------------- Mon Dec 1 11:35:58 CET 2008 - prusnak@suse.cz - updated to 2.0.29 * add USER to lines to homedir_template context file * add compression support * allow fcontext and seuser changes without rebuilding the policy * don't rebuild on fcontext or seuser modifications * modify genhomedircon to skip %groupname entries ------------------------------------------------------------------- Wed Oct 22 16:17:23 CEST 2008 - mrueckert@suse.de - fix debug_packages_requires define ------------------------------------------------------------------- Tue Sep 23 12:52:32 CEST 2008 - prusnak@suse.cz - require only version, not release [bnc#429053] ------------------------------------------------------------------- Tue Sep 2 12:13:42 CEST 2008 - prusnak@suse.cz - updated to 2.0.27 * Modify genhomedircon to skip %groupname entries. Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax. - updated to 2.0.26 * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. Strip any trailing slash before appending /*$. ------------------------------------------------------------------- Fri Aug 1 17:32:21 CEST 2008 - ro@suse.de - fix requires for debuginfo package ------------------------------------------------------------------- Tue Jul 15 16:58:47 CEST 2008 - prusnak@suse.cz - initial version 2.0.25 * based on Fedora package by Dan Walsh