Changelog for
policycoreutils-python-2.6-lp150.4.3.1.x86_64.rpm :
* Wed Mar 27 2019 jsegitzAATTsuse.com- Add a Requires for policycoreutils-python to policycoreutils, so that the expected binaries are present (bsc#1130097)- Add Requires for python2-setools, python-enum34, python2-setuptools and python2-selinux to policycoreutils-python to ensure that it has all dependencies met
* Thu Mar 21 2019 jsegitzAATTsuse.com- Add Requires: for policycoreutils-python. policycoreutils-python contains binaries necessary for SELinux administration. Packaging is suboptimal here, it\'s already changed in newer versions. For now we we just require it to ensure users have the binaries they expect (bsc#1130097)
* Thu Apr 26 2018 jsegitzAATTsuse.com- SLE 15 doesn\'t have the necessary files for policycoreutils-gui, don\'t build it there
* Wed Apr 25 2018 jsegitzAATTsuse.com- Drop the requirement for selinux-policy for the gui tools.
* Tue Mar 27 2018 tchvatalAATTsuse.com- Drop SLE11 support, needs the audit that is not present on SLE11- Fix service link to actually work on current releases- Drop SUSE_ASNEEDED=0 as it seems to build fine without it- Do not depend on systemd, just systemd-rpm-macros
* Wed Mar 21 2018 jsegitzAATTsuse.com- Added CVE-2018-1063.patch to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063)
* Tue Mar 20 2018 jsegitzAATTsuse.com- Remove BuildRequires for libcgroup-devel (bsc#1085837)
* Thu Dec 21 2017 jsegitzAATTsuse.com- Removed BuildRequires for setools-devel and added new runtime requirement for python2-networkx
* Mon Nov 27 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Fri Nov 24 2017 jsegitzAATTsuse.com- Update to policycoreutils version 2.6. Notable changes:
* setfiles: reverse the sense of -D option
* sandbox: Use dbus-run-session instead of dbus-launch when available
* setfiles: Utility to find security.restorecon_last entries
* setfiles: Add option to stop setting the digest
* hll/pp: Change warning for module name not matching filename to match new behavior
* sepolicy: convert to setools4
* sandbox: create a new session for sandboxed processes
* sandbox: do not try to setup directories without -X or -M
* sandbox: do not run xmodmap in a new X session
* sandbox: fix file labels on copied files
* semanage: Fix semanage fcontext -D
* semanage: Default serange to \"s0\" for port modify
* semanage: Use socket.getprotobyname for protocol
* semanage: Add auditing of changes in records
* Improve compatibility with Python 3
* Update sandbox types in sandbox manual
* hll/pp: Warn if module name different than output filename- Update to sepolgen version 2.6. Notable changes:
* Add support for TYPEBOUNDS statement in INTERFACE policy files- Dropped CVE-2016-7545_sandbox_escape.patch
* Mon Dec 19 2016 jsegitzAATTnovell.com- Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998 Sandboxed session could have escaped to the parent session
* Sat Jul 23 2016 jengelhAATTinai.de- Trim description in line with other selinux packages
* Thu Jul 14 2016 jsegitzAATTnovell.com- Changes submitted by MargueriteSu: Update to version 2.5
* sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss.
* sepolicy: Rename policy global variable conflict, from Nicolas Iooss.
* newrole: Add missing defined in #if, from Nicolas Iooss.
* newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec.
* secon: Add missing descriptions for --
*-key params in secon man page, from Lukas Vrabec
* semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach.
* chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville.
* semanage: fix \'semanage permissions -l\' subcommand, from Petr Lautrbach.
* semanage: replace string.join() with str.join(), from Petr Lautrbach.
* Man page warning fixes, from Ville Skyttä.
* sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl.
* semanage: Require at least one argument for \'semanage permissive -d\', from Petr Lautrbach.
* sepolicy: Improve sepolicy command line interface, from Petr Lautrbach.
* audit2allow/why: ignore setlocale errors, from Petr Lautrbach.
* semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy.
* audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach.
* Fix PEP8 issues, from Jason Zaman.
* semanage: fix moduleRecords deleteall method, from Stephen Smalley.
* Improve compatibility with Python 3, from Michal Srb.
* semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville.
* semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach.
* sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen.
* mcstransd: don\'t reinvent getpeercon, from Stephen Smalley.
* setfiles/restorecon: fix -r/-R option, from Petr Lautrbach.
* org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
* hll: Move core functions of pp to libsepol, from James Carter
* run_init: Use a ring buffer in open_init_pty, from Jason Zaman.
* run_init: fix open_init_pty availability check, from Nicolas Iooss.
* Widen Xen IOMEM context entries, from Daniel De Graaf.
* Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
* Fixed typo/grammatical error, from Christopher Peterson.
* Fix typo in semanage-port man page, from Andrew Spiers. Update to version 2.4
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
* Improve support for building with different versions of python from Nicolas Iooss.
* Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, from Dan Walsh
* Remove cgroups from sandbox, from Dan Walsh
* Try to use setcurrent before setexec in seunshare, from Andy Lutomirski
* Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley
* Add a store root path in semodule, from Yuli Khodorkovskiy
* Add a flag to ignore cached CIL files and recompile HLL modules, from Yuli Khodorkovskiy
* Add and install HLL compiler for policy packages to CIL. The compiler is installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence
* Fixes to pp compiler to better support roles and type attributes, from Yuli Khodorkovskiy
* Deprecate base/upgrade/version in semodule. Calling these commands will now call --install on the backend, from Yuli Khodorkovskiy
* Add ability to install modules with a specified priority, from Caleb Case
* Use /tmp for permissive module creation, by Caleb Case
* Update semanage to use new source policy infrastructure, from Jason Dana
* Add RuntimeDirectory to mcstrans systemd unit file, from Laurent Bigonville
* Wed Nov 05 2014 jsegitzAATTnovell.com- added Requires: python-yum, yum-metadata-parser to fix sepolicy (bnc#903841)