testing/libsepol
SHA256
3
0
Fork 0
forked from pool/libsepol
Code Pull Requests Activity
99 Commits 2 Branches 0 Tags 264 KiB
main
Commit Graph

99 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Ana Guerrero
e2ba324668 Accepting request 1185748 from security:SELinux 
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()

OBS-URL: https://build.opensuse.org/request/show/1185748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=56
 2024-07-12 15:04:21 +00:00
Hu
4a29d23670 Accepting request 1184295 from home:cahu:security:SELinux:userspace37 
- Update to version 3.7
  https://github.com/SELinuxProject/selinux/releases/tag/3.7
  * User-visible changes:
    * libsepol: improve policy lookup failure message
    * libsepol: include prefix for module policy versions
    * libsepol: validate type-attribute-map for old policies
    * libsepol: only exempt gaps checking for kernel policies
  * Bugfixes:
    * libsepol/src/Makefile: fix reallocarray detection
    * libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
    * libsepol: ensure transitivity in compare functions
  * oss-fuzz fixes:
    * libsepol: check scope permissions refer to valid class
    * libsepol: validate attribute-type maps
    * libsepol: reject self flag in type rules in old policies
    * libsepol: validate class permissions
    * libsepol: validate access vector permissions
    * libsepol: reject MLS support in pre-MLS policies
    * libsepol: Fix buffer overflow when using sepol_av_to_string()
    * libsepol: Use a dynamic buffer in sepol_av_to_string()

OBS-URL: https://build.opensuse.org/request/show/1184295
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=98
 2024-07-02 09:43:24 +00:00
Ana Guerrero
be2fe6a61d Accepting request 1137090 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/1137090
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=55
 2024-01-08 22:43:46 +00:00
Johannes Segitz
70e11221e2 Accepting request 1134071 from home:cahu:branches:security:SELinux 
- Update to version 3.6
  https://github.com/SELinuxProject/selinux/releases/tag/3.6
  * struct cond_expr_t bool renamed to boolean
    The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro 
  * Add notself support for neverallow rules
  * Improve man pages
  * man pages: Remove the Russian translations
  * Add notself and other support to CIL
  * Add support for deny rules
  * Translations updated from
    https://translate.fedoraproject.org/projects/selinux/
  * Bug fixes
- Remove keys from keyring since they expired:
  - E853C1848B0185CF42864DF363A8AD4B982C4373
    Petr Lautrbach <plautrba@redhat.com>
  - 63191CE94183098689CAB8DB7EF137EC935B0EAF
    Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring: 
  - B8682847764DF60DF52D992CBC3905F235179CF1 
    Petr Lautrbach <lautrbach@redhat.com>

OBS-URL: https://build.opensuse.org/request/show/1134071
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=96
 2024-01-05 15:35:18 +00:00
Ana Guerrero
c6839cc031 Accepting request 1115852 from security:SELinux 
- Enable LTO now (boo#1138813).

OBS-URL: https://build.opensuse.org/request/show/1115852
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=54
 2023-10-08 10:17:38 +00:00
Johannes Segitz
d1a755d1be Accepting request 1074005 from home:marxin:branches:security:SELinux 
- Enable LTO now (boo#1138813).

OBS-URL: https://build.opensuse.org/request/show/1074005
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=94
 2023-03-24 13:24:44 +00:00
Dominique Leuenberger
dcb429bda8 Accepting request 1068398 from security:SELinux 
SELinux 3.5 toolchain

OBS-URL: https://build.opensuse.org/request/show/1068398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=53
 2023-03-07 15:48:20 +00:00
Johannes Segitz
9af076b667 Accepting request 1067538 from home:jsegitz:branches:security:SELinux_toolchain 
- Update to version 3.5
  * Stricter policy validation
  * do not write empty class definitions to allow simpler round-trip tests
  * reject attributes in type av rules for kernel policies
- Added additional developer key (Jason Zaman)

OBS-URL: https://build.opensuse.org/request/show/1067538
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=92
 2023-02-24 08:43:04 +00:00
Dominique Leuenberger
3083781472 Accepting request 978302 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/978302
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=52
 2022-06-20 13:36:47 +00:00
Johannes Segitz
90e7bc0d39 Accepting request 978292 from home:jsegitz:branches:security:SELinux 
- Update to version 3.4
  * Add 'ioctl_skip_cloexec' policy capability
  * Add sepol_av_perm_to_string
  * Add policy utilities
  * Support IPv4/IPv6 address embedding
  * Hardened/added many validations
  * Add support for file types in writing out policy.conf
  * Allow optional file type in genfscon rules

OBS-URL: https://build.opensuse.org/request/show/978292
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=90
 2022-05-20 14:53:29 +00:00
Dominique Leuenberger
b80f658698 Accepting request 930939 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/930939
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=51
 2021-11-15 14:26:03 +00:00
Johannes Segitz
673aa21af7 Accepting request 930930 from home:jsegitz:branches:security:SELinux 
- Update to version 3.3
  * Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
    are all included
  * Lot of smaller fixes identified by fuzzing

OBS-URL: https://build.opensuse.org/request/show/930930
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=89
 2021-11-11 16:01:43 +00:00
Dominique Leuenberger
4eeb372432 Accepting request 907664 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/907664
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=50
 2021-07-25 18:09:04 +00:00
Johannes Segitz
dbf4cf0499 Accepting request 907663 from home:jsegitz:branches:security:SELinux 
- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
  Added CVE-2021-36087.patch

OBS-URL: https://build.opensuse.org/request/show/907663
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=88
 2021-07-22 06:49:30 +00:00
Dominique Leuenberger
de87d21405 Accepting request 904154 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/904154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=49
 2021-07-09 21:56:34 +00:00
Johannes Segitz
d28af01c4e Accepting request 904153 from home:jsegitz:branches:security:SELinux 
- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
  Added CVE-2021-36085.patch
- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
  Added CVE-2021-36086.patch

OBS-URL: https://build.opensuse.org/request/show/904153
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=87
 2021-07-05 12:52:59 +00:00
Dominique Leuenberger
696c8dce97 Accepting request 878577 from security:SELinux 
big toolchain update, please stage together. so versions change, so this has high potential to break stuff. Probably best to stage it isolated

OBS-URL: https://build.opensuse.org/request/show/878577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=48
 2021-03-24 15:08:48 +00:00
Johannes Segitz
d9c6b82ffe OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=85 2021-03-12 07:59:16 +00:00
Dominique Leuenberger
36a9e75404 Accepting request 849698 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/849698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=47
 2020-11-26 22:09:10 +00:00
Johannes Segitz
a06fd305fa Accepting request 849628 from home:lnussel:usrmove 
- install to /usr (boo#1029961)

OBS-URL: https://build.opensuse.org/request/show/849628
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=83
 2020-11-20 15:12:18 +00:00
Dominique Leuenberger
cc7c105f22 Accepting request 832093 from security:SELinux 
please stage with updated gcc to prevent build failures

OBS-URL: https://build.opensuse.org/request/show/832093
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=46
 2020-10-06 15:07:17 +00:00
Johannes Segitz
fcba095d86 Accepting request 821048 from home:jsegitz:branches:security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/821048
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=81
 2020-07-15 08:23:23 +00:00
Johannes Segitz
40b6433ba8 Accepting request 820921 from home:jsegitz:branches:security:SELinux 
- Update to version 3.1
  * Add support for new polcap genfs_seclabel_symlinks
  * Initialize the multiple_decls field of the cil db
  * Return error when identifier declared as both type and attribute
  * Write CIL default MLS rules on separate lines
  * Sort portcon rules consistently
  * Remove leftovers of cil_mem_error_handler
  * Drop remove_cil_mem_error_handler.patch, is included

OBS-URL: https://build.opensuse.org/request/show/820921
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=80
 2020-07-14 14:13:51 +00:00
Dominique Leuenberger
256b149aa7 Accepting request 798515 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/798515
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=45
 2020-05-02 20:12:09 +00:00
Johannes Segitz
7fb641ce31 Accepting request 798389 from home:marxin:branches:security:SELinux 
- Enable -fcommon in order to fix boo#1160874.

OBS-URL: https://build.opensuse.org/request/show/798389
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=78
 2020-04-28 06:41:43 +00:00
Dominique Leuenberger
44aa63c244 Accepting request 781809 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/781809
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=44
 2020-03-11 17:31:15 +00:00
Johannes Segitz
3c5f1f043d Accepting request 781799 from home:jsegitz:branches:security:SELinux 
- Update to version 3.0
  * cil: Allow validatetrans rules to be resolved
  * cil: Report disabling an optional block only at high verbose levels
  * cil: do not dereference perm_value_to_cil when it has not been allocated
  * cil: fix mlsconstrain segfault
  * Further improve binary policy optimization
  * Make an unknown permission an error in CIL
  * Remove cil_mem_error_handler() function pointer
  * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
  * Add a function to optimize kernel policy
  * Add ebitmap_for_each_set_bit macro
  Dropped fnocommon.patch as it's included upstream

OBS-URL: https://build.opensuse.org/request/show/781799
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=76
 2020-03-05 10:13:43 +00:00
Dominique Leuenberger
d325f19e60 Accepting request 768762 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/768762
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=43
 2020-02-04 18:51:34 +00:00
Johannes Segitz
bf1d92df6b Accepting request 768760 from home:jsegitz:branches:security:SELinux 
- Add fnocommon.patch to prevent build failures on gcc10 and
  remove_cil_mem_error_handler.patch to prevent build failures due to 
  leftovers from the removal of cil_mem_error_handler (bsc#1160874)

OBS-URL: https://build.opensuse.org/request/show/768760
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=74
 2020-01-30 14:43:08 +00:00
Dominique Leuenberger
72124986e0 Accepting request 712736 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/712736
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=42
 2019-07-08 13:08:41 +00:00
Johannes Segitz
344793b1f5 Accepting request 711060 from home:marxin:branches:security:SELinux 
- Disable LTO due to symbol versioning (boo#1138813).

OBS-URL: https://build.opensuse.org/request/show/711060
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=72
 2019-07-01 07:56:24 +00:00
Dominique Leuenberger
585ca335f9 Accepting request 687216 from security:SELinux 
please stage checkpolicy libselinux libsemanage libsepol mcstrans policycoreutils restorecond together

OBS-URL: https://build.opensuse.org/request/show/687216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=41
 2019-03-24 13:55:21 +00:00
Johannes Segitz
5833de3b1d OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=70 2019-03-21 09:41:18 +00:00
Dominique Leuenberger
3052f26060 Accepting request 655714 from security:SELinux 
Added additional details to the changes file

  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
  For changes please see
  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt

OBS-URL: https://build.opensuse.org/request/show/655714
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=40
 2018-12-19 12:22:59 +00:00
Johannes Segitz
db4f5e2f0a OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=68 2018-12-06 14:43:35 +00:00
Dominique Leuenberger
36184cef98 Accepting request 651127 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/651127
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=39
 2018-11-26 09:13:49 +00:00
Vítězslav Čížek
a8a11e9d1c Accepting request 647268 from home:jengelh:branches:security:SELinux 
we can use %make_install

OBS-URL: https://build.opensuse.org/request/show/647268
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=66
 2018-11-22 14:14:28 +00:00
Johannes Segitz
5882687357 Accepting request 647228 from home:jsegitz:branches:security:SELinux 
- Adjusted source urls (bsc#1115052)

OBS-URL: https://build.opensuse.org/request/show/647228
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=65
 2018-11-08 07:52:01 +00:00
Vítězslav Čížek
69676d5562 Accepting request 642652 from home:jsegitz:branches:security:SELinux 
- Update to version 2.8 (bsc#1111732)

OBS-URL: https://build.opensuse.org/request/show/642652
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=64
 2018-10-23 12:13:45 +00:00
Dominique Leuenberger
07f1ccd3ce Accepting request 611483 from security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/611483
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=38
 2018-05-30 09:40:02 +00:00
Johannes Segitz
01d1ffa995 Accepting request 609003 from home:mcepl:SELinux 
Rebase to 2.7

OBS-URL: https://build.opensuse.org/request/show/609003
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=62
 2018-05-23 07:58:06 +00:00
Dominique Leuenberger
1b5f78d55e Accepting request 545899 from security:SELinux 
please combine checkpolicy libselinux libsemanage libsepol policycoreutils

OBS-URL: https://build.opensuse.org/request/show/545899
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=37
 2017-12-06 07:46:50 +00:00
Johannes Segitz
be6f41b43a OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=60 2017-11-27 09:18:53 +00:00
Dominique Leuenberger
974200db58 Accepting request 415253 from security:SELinux 
1

OBS-URL: https://build.opensuse.org/request/show/415253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=36
 2016-08-03 09:36:32 +00:00
Johannes Segitz
15a8f4c734 Accepting request 411490 from home:jengelh:branches:security:SELinux 
- Update RPM groups, trim description and combine filelist entries.
remove redundant pkgconfig require (autodetected already)

OBS-URL: https://build.opensuse.org/request/show/411490
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=58
 2016-07-26 12:10:49 +00:00
Dominique Leuenberger
ab00af05c1 Accepting request 408692 from security:SELinux 
1

OBS-URL: https://build.opensuse.org/request/show/408692
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsepol?expand=0&rev=35
 2016-07-18 19:17:19 +00:00
Johannes Segitz
fb01341895 Accepting request 408676 from home:pluskalm:branches:security:SELinux 
- Cleanup spec file with spec-cleaner
- Make spec file a bit more easy
- Ship new supbackage (-tools)

OBS-URL: https://build.opensuse.org/request/show/408676
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=56
 2016-07-15 12:59:30 +00:00
Johannes Segitz
e8f8aa2672 Accepting request 408534 from home:jsegitz:branches:security:SELinux 
- Without bug number no submit to SLE 12 SP2 is possible, so to make
  sle-changelog-checker happy: bsc#988977

OBS-URL: https://build.opensuse.org/request/show/408534
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=55
 2016-07-14 14:27:06 +00:00
Johannes Segitz
2a1654c87f Accepting request 408435 from home:jsegitz:branches:security:SELinux 
- Adjusted source link

OBS-URL: https://build.opensuse.org/request/show/408435
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=54
 2016-07-14 08:42:10 +00:00
Johannes Segitz
5bf1c1c3b5 Accepting request 406824 from home:MargueriteSu:branches:security:SELinux 
OBS-URL: https://build.opensuse.org/request/show/406824
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=53
 2016-07-13 07:20:10 +00:00