e32fef06fe
Accepting request 1295308 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/1295308
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=61
2025-07-24 16:34:29 +00:00
6991912962
next try for 3.9 toolchain. Addition of neveraudit causes the issues. We will have to rebuild all existing selinux modules. Dimstar is aware
...
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=107
2025-07-23 12:18:42 +00:00
9d8fc08f64
Accepting request 1295052 from openSUSE:Factory
...
https://bugzilla.suse.com/show_bug.cgi?id=1246831
OBS-URL: https://build.opensuse.org/request/show/1295052
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=60
2025-07-22 10:20:49 +00:00
OBS User buildservice-autocommit
31d45f2471
Updating link to change in openSUSE:Factory/libsepol revision 60
...
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=3eda3b5c5a33d3db41efff5fe788b2e6
2025-07-22 10:20:49 +00:00
36b5e9dee5
Accepting request 1295052 from openSUSE:Factory
...
https://bugzilla.suse.com/show_bug.cgi?id=1246831
OBS-URL: https://build.opensuse.org/request/show/1295052
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=60
2025-07-22 10:20:49 +00:00
da36f0cd80
Accepting request 1294369 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/1294369
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=59
2025-07-20 13:27:52 +00:00
7397abe451
Toolchain 3.9 update
...
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=105
2025-07-18 12:03:44 +00:00
775843d05e
Accepting request 1251758 from security:SELinux
...
- Update to version 3.8.1
https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
* no source change
OBS-URL: https://build.opensuse.org/request/show/1251758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=58
2025-03-11 19:44:11 +00:00
967edc13d0
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=103
2025-03-07 14:39:19 +00:00
df97ca745b
Accepting request 1245833 from security:SELinux
...
update selinux userspace to 3.8
OBS-URL: https://build.opensuse.org/request/show/1245833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=57
2025-02-14 18:20:08 +00:00
2aa20e35ed
3.8 with correct keyfiles
...
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=101
2025-02-14 08:07:23 +00:00
6c8f2e60ee
update selinux userspace to 3.8
...
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=100
2025-02-13 15:04:34 +00:00
e2ba324668
Accepting request 1185748 from security:SELinux
...
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* libsepol: improve policy lookup failure message
* libsepol: include prefix for module policy versions
* libsepol: validate type-attribute-map for old policies
* libsepol: only exempt gaps checking for kernel policies
* Bugfixes:
* libsepol/src/Makefile: fix reallocarray detection
* libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
* libsepol: ensure transitivity in compare functions
* oss-fuzz fixes:
* libsepol: check scope permissions refer to valid class
* libsepol: validate attribute-type maps
* libsepol: reject self flag in type rules in old policies
* libsepol: validate class permissions
* libsepol: validate access vector permissions
* libsepol: reject MLS support in pre-MLS policies
* libsepol: Fix buffer overflow when using sepol_av_to_string()
* libsepol: Use a dynamic buffer in sepol_av_to_string()
OBS-URL: https://build.opensuse.org/request/show/1185748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=56
2024-07-12 15:04:21 +00:00
4a29d23670
Accepting request 1184295 from home:cahu:security:SELinux:userspace37
...
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* libsepol: improve policy lookup failure message
* libsepol: include prefix for module policy versions
* libsepol: validate type-attribute-map for old policies
* libsepol: only exempt gaps checking for kernel policies
* Bugfixes:
* libsepol/src/Makefile: fix reallocarray detection
* libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
* libsepol: ensure transitivity in compare functions
* oss-fuzz fixes:
* libsepol: check scope permissions refer to valid class
* libsepol: validate attribute-type maps
* libsepol: reject self flag in type rules in old policies
* libsepol: validate class permissions
* libsepol: validate access vector permissions
* libsepol: reject MLS support in pre-MLS policies
* libsepol: Fix buffer overflow when using sepol_av_to_string()
* libsepol: Use a dynamic buffer in sepol_av_to_string()
OBS-URL: https://build.opensuse.org/request/show/1184295
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=98
2024-07-02 09:43:24 +00:00
be2fe6a61d
Accepting request 1137090 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/1137090
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=55
2024-01-08 22:43:46 +00:00
70e11221e2
Accepting request 1134071 from home:cahu:branches:security:SELinux
...
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* struct cond_expr_t bool renamed to boolean
The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com >
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com >
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com >
OBS-URL: https://build.opensuse.org/request/show/1134071
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=96
2024-01-05 15:35:18 +00:00
c6839cc031
Accepting request 1115852 from security:SELinux
...
- Enable LTO now (boo#1138813).
OBS-URL: https://build.opensuse.org/request/show/1115852
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=54
2023-10-08 10:17:38 +00:00
d1a755d1be
Accepting request 1074005 from home:marxin:branches:security:SELinux
...
- Enable LTO now (boo#1138813).
OBS-URL: https://build.opensuse.org/request/show/1074005
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=94
2023-03-24 13:24:44 +00:00
dcb429bda8
Accepting request 1068398 from security:SELinux
...
SELinux 3.5 toolchain
OBS-URL: https://build.opensuse.org/request/show/1068398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=53
2023-03-07 15:48:20 +00:00
9af076b667
Accepting request 1067538 from home:jsegitz:branches:security:SELinux_toolchain
...
- Update to version 3.5
* Stricter policy validation
* do not write empty class definitions to allow simpler round-trip tests
* reject attributes in type av rules for kernel policies
- Added additional developer key (Jason Zaman)
OBS-URL: https://build.opensuse.org/request/show/1067538
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=92
2023-02-24 08:43:04 +00:00
3083781472
Accepting request 978302 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/978302
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=52
2022-06-20 13:36:47 +00:00
90e7bc0d39
Accepting request 978292 from home:jsegitz:branches:security:SELinux
...
- Update to version 3.4
* Add 'ioctl_skip_cloexec' policy capability
* Add sepol_av_perm_to_string
* Add policy utilities
* Support IPv4/IPv6 address embedding
* Hardened/added many validations
* Add support for file types in writing out policy.conf
* Allow optional file type in genfscon rules
OBS-URL: https://build.opensuse.org/request/show/978292
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=90
2022-05-20 14:53:29 +00:00
b80f658698
Accepting request 930939 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/930939
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=51
2021-11-15 14:26:03 +00:00
673aa21af7
Accepting request 930930 from home:jsegitz:branches:security:SELinux
...
- Update to version 3.3
* Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
are all included
* Lot of smaller fixes identified by fuzzing
OBS-URL: https://build.opensuse.org/request/show/930930
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=89
2021-11-11 16:01:43 +00:00
4eeb372432
Accepting request 907664 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/907664
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=50
2021-07-25 18:09:04 +00:00
dbf4cf0499
Accepting request 907663 from home:jsegitz:branches:security:SELinux
...
- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
Added CVE-2021-36087.patch
OBS-URL: https://build.opensuse.org/request/show/907663
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=88
2021-07-22 06:49:30 +00:00
de87d21405
Accepting request 904154 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/904154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=49
2021-07-09 21:56:34 +00:00
d28af01c4e
Accepting request 904153 from home:jsegitz:branches:security:SELinux
...
- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
Added CVE-2021-36085.patch
- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
Added CVE-2021-36086.patch
OBS-URL: https://build.opensuse.org/request/show/904153
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=87
2021-07-05 12:52:59 +00:00
696c8dce97
Accepting request 878577 from security:SELinux
...
big toolchain update, please stage together. so versions change, so this has high potential to break stuff. Probably best to stage it isolated
OBS-URL: https://build.opensuse.org/request/show/878577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=48
2021-03-24 15:08:48 +00:00
d9c6b82ffe
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=85
2021-03-12 07:59:16 +00:00
36a9e75404
Accepting request 849698 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/849698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=47
2020-11-26 22:09:10 +00:00
a06fd305fa
Accepting request 849628 from home:lnussel:usrmove
...
- install to /usr (boo#1029961)
OBS-URL: https://build.opensuse.org/request/show/849628
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=83
2020-11-20 15:12:18 +00:00
cc7c105f22
Accepting request 832093 from security:SELinux
...
please stage with updated gcc to prevent build failures
OBS-URL: https://build.opensuse.org/request/show/832093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=46
2020-10-06 15:07:17 +00:00
fcba095d86
Accepting request 821048 from home:jsegitz:branches:security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/821048
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=81
2020-07-15 08:23:23 +00:00
40b6433ba8
Accepting request 820921 from home:jsegitz:branches:security:SELinux
...
- Update to version 3.1
* Add support for new polcap genfs_seclabel_symlinks
* Initialize the multiple_decls field of the cil db
* Return error when identifier declared as both type and attribute
* Write CIL default MLS rules on separate lines
* Sort portcon rules consistently
* Remove leftovers of cil_mem_error_handler
* Drop remove_cil_mem_error_handler.patch, is included
OBS-URL: https://build.opensuse.org/request/show/820921
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=80
2020-07-14 14:13:51 +00:00
256b149aa7
Accepting request 798515 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/798515
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=45
2020-05-02 20:12:09 +00:00
7fb641ce31
Accepting request 798389 from home:marxin:branches:security:SELinux
...
- Enable -fcommon in order to fix boo#1160874.
OBS-URL: https://build.opensuse.org/request/show/798389
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=78
2020-04-28 06:41:43 +00:00
44aa63c244
Accepting request 781809 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/781809
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=44
2020-03-11 17:31:15 +00:00
3c5f1f043d
Accepting request 781799 from home:jsegitz:branches:security:SELinux
...
- Update to version 3.0
* cil: Allow validatetrans rules to be resolved
* cil: Report disabling an optional block only at high verbose levels
* cil: do not dereference perm_value_to_cil when it has not been allocated
* cil: fix mlsconstrain segfault
* Further improve binary policy optimization
* Make an unknown permission an error in CIL
* Remove cil_mem_error_handler() function pointer
* Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
* Add a function to optimize kernel policy
* Add ebitmap_for_each_set_bit macro
Dropped fnocommon.patch as it's included upstream
OBS-URL: https://build.opensuse.org/request/show/781799
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=76
2020-03-05 10:13:43 +00:00
d325f19e60
Accepting request 768762 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/768762
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=43
2020-02-04 18:51:34 +00:00
bf1d92df6b
Accepting request 768760 from home:jsegitz:branches:security:SELinux
...
- Add fnocommon.patch to prevent build failures on gcc10 and
remove_cil_mem_error_handler.patch to prevent build failures due to
leftovers from the removal of cil_mem_error_handler (bsc#1160874)
OBS-URL: https://build.opensuse.org/request/show/768760
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=74
2020-01-30 14:43:08 +00:00
72124986e0
Accepting request 712736 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/712736
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=42
2019-07-08 13:08:41 +00:00
344793b1f5
Accepting request 711060 from home:marxin:branches:security:SELinux
...
- Disable LTO due to symbol versioning (boo#1138813).
OBS-URL: https://build.opensuse.org/request/show/711060
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=72
2019-07-01 07:56:24 +00:00
585ca335f9
Accepting request 687216 from security:SELinux
...
please stage checkpolicy libselinux libsemanage libsepol mcstrans policycoreutils restorecond together
OBS-URL: https://build.opensuse.org/request/show/687216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=41
2019-03-24 13:55:21 +00:00
5833de3b1d
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=70
2019-03-21 09:41:18 +00:00
3052f26060
Accepting request 655714 from security:SELinux
...
Added additional details to the changes file
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
OBS-URL: https://build.opensuse.org/request/show/655714
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=40
2018-12-19 12:22:59 +00:00
db4f5e2f0a
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=68
2018-12-06 14:43:35 +00:00
36184cef98
Accepting request 651127 from security:SELinux
...
OBS-URL: https://build.opensuse.org/request/show/651127
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=39
2018-11-26 09:13:49 +00:00
Vítězslav Čížek
a8a11e9d1c
Accepting request 647268 from home:jengelh:branches:security:SELinux
...
we can use %make_install
OBS-URL: https://build.opensuse.org/request/show/647268
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=66
2018-11-22 14:14:28 +00:00
5882687357
Accepting request 647228 from home:jsegitz:branches:security:SELinux
...
- Adjusted source urls (bsc#1115052)
OBS-URL: https://build.opensuse.org/request/show/647228
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=65
2018-11-08 07:52:01 +00:00
