|
|
|
|
Changelog for libselinux-static-2.5-6.el7.i686.rpm :
Fri Aug 26 14:00:00 2016 Petr Lautrbach 2.5-6 - Handle NULL pcre study data
Wed Aug 10 14:00:00 2016 Petr Lautrbach 2.5-5 - Fix in tree compilation of utils that depend on libsepol
Mon Jun 27 14:00:00 2016 Petr Lautrbach - 2.5-4 - Clarify is_selinux_mls_enabled() description - Explain how to free policy type from selinux_getpolicytype() - Compare absolute pathname in matchpathcon -V - Add selinux_snapperd_contexts_path() - Modify audit2why analyze function to use loaded policy - Sort object files for deterministic linking order - Respect CC and PKG_CONFIG environment variable - Avoid mounting /proc outside of selinux_init_load_policy() - Fix multiple spelling errors
Wed Apr 27 14:00:00 2016 Petr Lautrbach - 2.5-3 - Fix setexecfilecon() to work better in a chroot (#1329931) - Fix typo in sefcontext_compile.8 (#1320062)
Mon Apr 11 14:00:00 2016 Petr Lautrbach - 2.5-2 - Fix location of selinuxfs mount point (#1321086) - Only mount /proc if necessary - procattr: return einval for <= 0 pid args - procattr: return error on invalid pid_t inpu
Tue Feb 23 13:00:00 2016 Petr Lautrbach 2.5-1 - Update to upstream release 2016-02-23
Fri Feb 14 13:00:00 2014 Dan Walsh - 2.2.2-6 - Add additional go bindings for get *con calls - Add go bindings test command - Modify man pages of set *con calls to mention that they are thread specific Resolves:#1053122
Fri Jan 31 13:00:00 2014 Dan Walsh - 2.2.2-5 - Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go - Add Int_to_mcs function to generate MCS labels from integers.
Fri Jan 31 13:00:00 2014 Miroslav Grepl - 2.2.2-4 - Fix libselinux.spec file - Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go - Add Int_to_mcs function to generate MCS labels from integers.
Tue Jan 28 13:00:00 2014 Daniel Mach - 2.2.2-3 - Mass rebuild 2014-01-24
Tue Jan 14 13:00:00 2014 Dan Walsh - 2.2.2-2 - Add ghost flag for /var/run/setrans Resolves: #1053122
Mon Jan 6 13:00:00 2014 Dan Walsh - 2.2.2-1 - Update to upstream * Fix userspace AVC handling of per-domain permissive mode. - Verify context is not null when passed into *setfilecon_raw
Fri Dec 27 13:00:00 2013 Adam Williamson - 2.2.1-6 - revert unexplained change to rhat.patch which broke SELinux disablement
Mon Dec 23 13:00:00 2013 Dan Walsh - 2.2.1-5 - Verify context is not null when passed into lsetfilecon_raw
Wed Dec 18 13:00:00 2013 Dan Walsh - 2.2.1-4 - Mv selinux.go to /usr/share/gocode/src/selinux - Add golang support to selinux.
Tue Dec 17 13:00:00 2013 Daniel Mach - 2.2.1-3 - Mass rebuild 2013-12-27
Thu Dec 5 13:00:00 2013 Dan Walsh - 2.2.1-2 - Remove togglesebool man page Resolves: #1038606
Mon Nov 25 13:00:00 2013 Dan Walsh - 2.2.1-1 - Update to upstream * Remove -lpthread from pkg-config file; it is not required. - Add support for policy compressed with xv
Thu Oct 31 13:00:00 2013 Dan Walsh - 2.2-1 - Update to upstream * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. * Support overriding Makefile RANLIB from Sven Vermeulen. * Update pkgconfig definition from Sven Vermeulen. * Mount sysfs before trying to mount selinuxfs from Sven Vermeulen. * Fix man pages from Laurent Bigonville. * Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville. * Fix LDFLAGS usage from Laurent Bigonville * Avoid shadowing stat in load_mmap from Joe MacDonald. * Support building on older PCRE libraries from Joe MacDonald. * Fix handling of temporary file in sefcontext_compile from Dan Walsh. * Fix procattr cache from Dan Walsh. * Define python constants for getenforce result from Dan Walsh. * Fix label substitution handling of / from Dan Walsh. * Add selinux_current_policy_path from Dan Walsh. * Change get_context_list to only return good matches from Dan Walsh. * Support udev-197 and higher from Sven Vermeulen and Dan Walsh. * Add support for local substitutions from Dan Walsh. * Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh. * Python wrapper leak fixes from Dan Walsh. * Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh. * Add selinux_systemd_contexts_path from Dan Walsh. * Add selinux_set_policy_root from Dan Walsh. * Add man page for sefcontext_compile from Dan Walsh.
Fri Oct 4 14:00:00 2013 Dan Walsh - 2.1.13-21 - Add systemd_contexts support - Do substitutions on a local sub followed by a dist sub Resolves: #971425
Thu Oct 3 14:00:00 2013 Dan Walsh - 2.1.13-20 - Eliminate requirement on pthread library, by applying patch for Jakub Jelinek Resolves: #1013801
Mon Sep 16 14:00:00 2013 Dan Walsh - 2.1.13-19 - Fix handling of libselinux getconlist with only one entry
Tue Sep 3 14:00:00 2013 Dan Walsh - 2.1.13-17 - Add Python constants for SELinux enforcing modes
Sat Aug 3 14:00:00 2013 Fedora Release Engineering - 2.1.13-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
Fri Jun 28 14:00:00 2013 Dan Walsh - 2.1.13-16 - Add sefcontext_compile.8 man page - Add Russell Coker patch to fix man pages - Add patches from Laurent Bigonville to fix Makefiles for debian. - modify spec file to use /usr/lib
Mon May 6 14:00:00 2013 Dan Walsh - 2.1.13-15 - Fix patch that Handles substitutions for /
Wed Apr 17 14:00:00 2013 Dan Walsh - 2.1.13-14 - Handle substitutions for / - semanage fcontext -a -e / /opt/rh/devtoolset-2/root
Tue Apr 9 14:00:00 2013 Dan Walsh - 2.1.13-13 - Add Eric Paris patch to fix procattr calls after a fork.
Tue Mar 26 13:00:00 2013 Dan Walsh - 2.1.13-12 - Move secolor.conf.5 into mcstrans package and out of libselinux
Wed Mar 20 13:00:00 2013 Dan Walsh - 2.1.13-11 - Fix python bindings for selinux_check_access
Tue Mar 19 13:00:00 2013 Dan Walsh - 2.1.13-10 - Fix reseting the policy root in matchpathcon
Wed Mar 6 13:00:00 2013 Dan Walsh - 2.1.13-9 - Cleanup setfcontext_compile atomic patch - Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root - Make sure we set exit codes from selinux_label calls to ENOENT or SUCCESS
Wed Mar 6 13:00:00 2013 Dan Walsh - 2.1.13-8 - Make setfcontext_compile atomic
Wed Mar 6 13:00:00 2013 Dan Walsh - 2.1.13-7 - Fix memory leak in set *con calls.
Thu Feb 28 13:00:00 2013 Dan Walsh - 2.1.13-6 - Move matchpathcon to -utils package - Remove togglesebool
Thu Feb 21 13:00:00 2013 Dan Walsh - 2.1.13-5 - Fix selinux man page to reflect what current selinux policy is.
Fri Feb 15 13:00:00 2013 Dan Walsh - 2.1.13-4 - Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files.
Fri Feb 15 13:00:00 2013 Dan Walsh - 2.1.13-3 - Bring back selinux_current_policy_path
Thu Feb 14 13:00:00 2013 Dan Walsh - 2.1.13-2 - Revert some changes which are causing the wrong policy version file to be created
Thu Feb 7 13:00:00 2013 Dan Walsh - 2.1.13-1 - Update to upstream * audit2why: make sure path is nul terminated * utils: new file context regex compiler * label_file: use precompiled filecontext when possible * do not leak mmapfd * sefcontontext_compile: Add error handling to help debug problems in libsemanage. * man: make selinux.8 mention service man pages * audit2why: Fix segfault if finish() called twice * audit2why: do not leak on multiple init() calls * mode_to_security_class: interface to translate a mode_t in to a security class * audit2why: Cleanup audit2why analysys function * man: Fix program synopsis and function prototypes in man pages * man: Fix man pages formatting * man: Fix typo in man page * man: Add references and man page links to _raw function variants * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions * man: context_new(3): fix the return value description * selinux_status_open: handle error from sysconf * selinux_status_open: do not leak statusfd on exec * Fix errors found by coverity * Change boooleans.subs to booleans.subs_dist. * optimize set *con functions * pkg-config do not specifc ruby version * unmap file contexts on selabel_close() * do not leak file contexts with mmap\'d backend * sefcontext_compile: do not leak fd on error * matchmediacon: do not leak fd * src/label_android_property: do not leak fd on error
Sun Jan 27 13:00:00 2013 Dan Walsh - 2.1.12-20 - Update to latest patches from eparis/Upstream
Fri Jan 25 13:00:00 2013 Dan Walsh - 2.1.12-19 - Update to latest patches from eparis/Upstream
Wed Jan 23 13:00:00 2013 Dan Walsh - 2.1.12-18 - Try procatt speedup patch again
Wed Jan 23 13:00:00 2013 Dan Walsh - 2.1.12-17 - Roll back procattr speedups since it seems to be screwing up systemd labeling.
Tue Jan 22 13:00:00 2013 Dan Walsh - 2.1.12-16 - Fix tid handling for setfscreatecon, old patch still broken in libvirt
Wed Jan 16 13:00:00 2013 Dan Walsh - 2.1.12-15 - Fix tid handling for setfscreatecon, old patch still broken in libvirt
Mon Jan 14 13:00:00 2013 Dan Walsh - 2.1.12-14 - setfscreatecon after fork was broken by the Set *con patch. - We needed to reset the thread variables after a fork.
Thu Jan 10 13:00:00 2013 Dan Walsh - 2.1.12-13 - Fix setfscreatecon call to handle failure mode, which was breaking udev
Wed Jan 9 13:00:00 2013 Dan Walsh - 2.1.12-12 - Ondrej Oprala patch to optimize set *con functions - Set *con now caches the security context and only re-sets it if it changes.
Tue Jan 8 13:00:00 2013 Dan Walsh - 2.1.12-11 - Rebuild against latest libsepol
Fri Jan 4 13:00:00 2013 Dan Walsh - 2.1.12-10 - Update to latest patches from eparis/Upstream - Fix errors found by coverity - set the sepol_compute_av_reason_buffer flag to 0. This means calculate denials only? - audit2why: remove a useless policy vers variable - audit2why: use the new constraint information
Mon Nov 19 13:00:00 2012 Dan Walsh - 2.1.12-9 - Rebuild with latest libsepol
Fri Nov 16 13:00:00 2012 Dan Walsh - 2.1.12-8 - Return EPERM if login program can not reach default label for user - Attempt to return container info from audit2why
Thu Nov 1 13:00:00 2012 Dan Walsh - 2.1.12-7 - Apply patch from eparis to fix leaked file descriptor in new labeling code
Fri Oct 19 14:00:00 2012 Dan Walsh - 2.1.12-6 - Add new function mode_to_security_class which takes mode instead of a string. - Possibly will be used with coreutils.
Mon Oct 15 14:00:00 2012 Dan Walsh - 2.1.12-5 - Add back selinuxconlist and selinuxdefcon man pages
Mon Oct 15 14:00:00 2012 Dan Walsh - 2.1.12-4 - Fix segfault from calling audit2why.finish() multiple times
Fri Oct 12 14:00:00 2012 Dan Walsh - 2.1.12-3 - Fix up selinux man page to reference service man pages
Wed Sep 19 14:00:00 2012 Dan Walsh - 2.1.12-2 - Rebuild with fixed libsepol
Thu Sep 13 14:00:00 2012 Dan Walsh - 2.1.12-1 - Update to upstream * Add support for lxc_contexts_path * utils: add service to getdefaultcon * libsemanage: do not set soname needlessly * libsemanage: remove PYTHONLIBDIR and ruby equivalent * boolean name equivalency * getsebool: support boolean name substitution * Add man page for new selinux_boolean_sub function. * expose selinux_boolean_sub * matchpathcon: add -m option to force file type check * utils: avcstat: clear sa_mask set * seusers: Check for strchr failure * booleans: initialize pointer to silence coveriety * stop messages when SELinux disabled * label_file: use PCRE instead of glibc regex functions * label_file: remove all typedefs * label_file: move definitions to include file * label_file: do string to mode_t conversion in a helper function * label_file: move error reporting back into caller * label_file: move stem/spec handling to header * label_file: drop useless ncomp field from label_file data * label_file: move spec_hasMetaChars to header * label_file: fix potential read past buffer in spec_hasMetaChars * label_file: move regex sorting to the header * label_file: add accessors for the pcre extra data * label_file: only run regex files one time * label_file: new process_file function * label_file: break up find_stem_from_spec * label_file: struct reorg * label_file: only run array once when sorting * Ensure that we only close the selinux netlink socket once. * improve the file_contexts.5 manual page
Fri Aug 3 14:00:00 2012 David Malcolm - 2.1.11-6 - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3
Wed Aug 1 14:00:00 2012 David Malcolm - 2.1.11-5 - make with_python3 be conditional on fedora
Thu Jul 19 14:00:00 2012 Fedora Release Engineering - 2.1.11-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
Mon Jul 16 14:00:00 2012 Dan Walsh - 2.1.11-3 - Move the tmpfiles.d content from /etc/tmpfiles.d to /usr/lib/tmpfiles.d
Fri Jul 13 14:00:00 2012 Dan Walsh - 2.1.11-2 - Revert Eric Paris Patch for selinux_binary_policy_path
Wed Jul 4 14:00:00 2012 Dan Walsh - 2.1.11-1 - Update to upstream * Fortify source now requires all code to be compiled with -O flag * asprintf return code must be checked * avc_netlink_recieve handle EINTR * audit2why: silence -Wmissing-prototypes warning * libsemanage: remove build warning when build swig c files * matchpathcon: bad handling of symlinks in / * seusers: remove unused lineno * seusers: getseuser: gracefully handle NULL service * New Android property labeling backend * label_android_property whitespace cleanups * additional makefile support for rubywrap
Mon Jun 11 14:00:00 2012 Dan Walsh - 2.1.10-5 - Fix booleans.subs name, change function name to selinux_boolean_sub, add man page, minor fixes to the function
Fri May 25 14:00:00 2012 Dan Walsh - 2.1.10-4 - Fix to compile with Fortify source * Add -O compiler flag * Check return code from asprintf - Fix handling of symbolic links in / by realpath_not_final
Tue Apr 17 14:00:00 2012 Dan Walsh - 2.1.10-3 - Add support for lxc contexts file
Fri Mar 30 14:00:00 2012 Dan Walsh - 2.1.10-2 - Add support fot boolean subs file
Thu Mar 29 14:00:00 2012 Dan Walsh - 2.1.10-1 - Update to upstream * Fix dead links to www.nsa.gov/selinux * Remove jump over variable declaration * Fix old style function definitions * Fix const-correctness * Remove unused flush_class_cache method * Add prototype decl for destructor * Add more printf format annotations * Add printf format attribute annotation to die() method * Fix const-ness of parameters & make usage() methods static * Enable many more gcc warnings for libselinux/src/ builds * utils: Enable many more gcc warnings for libselinux/utils builds * Change annotation on include/selinux/avc.h to avoid upsetting SWIG * Ensure there is a prototype for \'matchpathcon_lib_destructor\' * Update Makefiles to handle /usrmove * utils: Stop separating out matchpathcon as something special * pkg-config to figure out where ruby include files are located * build with either ruby 1.9 or ruby 1.8 * assert if avc_init() not called * take security_deny_unknown into account * security_compute_create_name(3) * Do not link against python library, this is considered * bad practice in debian * Hide unnecessarily-exported library destructors
Thu Feb 16 13:00:00 2012 Dan Walsh - 2.1.9-9 - Add selinux_current_policy_path to return /sys/fs/selinux/policy if it exists - Otherwise search for policy on disk
Wed Feb 15 13:00:00 2012 Dan Walsh - 2.1.9-8 - Change selinux_binary_policy_path to return /sys/fs/selinux/policy - Add selinux_installed_policy_path to return what selinux_binary_policy_path used to return - avc_has_perm will now return yes if the machine is in permissive mode - Make work with ruby-1.9
Fri Feb 3 13:00:00 2012 Dan Walsh - 2.1.9-7 - avc_netlink_recieve should continue to poll if it receinves an EINTR rather
Sun Jan 29 13:00:00 2012 Kay Sievers - 2.1.9-6 - use /sbin/ldconfig, glibc does not provide /usr/sbin/ldconfig in the RPM database for now
Fri Jan 27 13:00:00 2012 Dan Walsh - 2.1.9-5 - Rebuild with cleaned up upstream to work in /usr
Wed Jan 25 13:00:00 2012 Harald Hoyer 2.1.9-4 - install everything in /usr https://fedoraproject.org/wiki/Features/UsrMove
Mon Jan 23 13:00:00 2012 Dan Walsh - 2.1.9-3 - Add Dan Berrange code cleanup patches.
Wed Jan 4 13:00:00 2012 Dan Walsh - 2.1.9-2 - Fix selabal_open man page to refer to proper selinux_opt structure
Wed Dec 21 13:00:00 2011 Dan Walsh - 2.1.9-1 -Update to upstream * Fix setenforce man page to refer to selinux man page * Cleanup Man pages * merge freecon with getcon man page
Mon Dec 19 13:00:00 2011 Dan Walsh - 2.1.8-5 - Add patch from Richard Haines When selabel_lookup found an invalid context with validation enabled, it always stated it was \'file_contexts\' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. - Fix setenforce manage page.
Thu Dec 15 13:00:00 2011 Dan Walsh - 2.1.8-4 - Rebuild with new libsepol
Tue Dec 6 13:00:00 2011 Dan Walsh - 2.1.8-2 - Fix setenforce man page, from Miroslav Grepl
Tue Dec 6 13:00:00 2011 Dan Walsh - 2.1.8-1 - Upgrade to upstream * selinuxswig_python.i: don\'t make syscall if it won\'t change anything * Remove assert in security_get_boolean_names(3) * Mapped compute functions now obey deny_unknown flag * get_default_type now sets EINVAL if no entry. * return EINVAL if invalid role selected * Updated selabel_file(5) man page * Updated selabel_db(5) man page * Updated selabel_media(5) man page * Updated selabel_x(5) man page * Add man/man5 man pages * Add man/man5 man pages * Add man/man5 man pages * use -W and -Werror in utils
Tue Nov 29 13:00:00 2011 Dan Walsh - 2.1.7-2 - Change python binding for restorecon to check if the context matches. - If it does do not reset
Fri Nov 4 13:00:00 2011 Dan Walsh - 2.1.7-1 - Upgrade to upstream * Makefiles: syntax, convert all ${VAR} to $(VAR) * load_policy: handle selinux=0 and /sys/fs/selinux not exist * regenerate .pc on VERSION change * label: cosmetic cleanups * simple interface for access checks * Don\'t reinitialize avc_init if it has been called previously * seusers: fix to handle large sets of groups * audit2why: close fd on enomem * rename and export symlink_realpath * label_file: style changes to make Eric happy.
Mon Oct 24 14:00:00 2011 Dan Walsh - 2.1.6-4 - Apply libselinux patch to handle large groups in seusers.
Wed Oct 19 14:00:00 2011 Dan Walsh - 2.1.6-3 - Add selinux_check_access function. Needed for passwd, chfn, chsh
Thu Sep 22 14:00:00 2011 Dan Walsh - 2.1.6-2 - Handle situation where selinux=0 passed to the kernel and both /selinux and
Mon Sep 19 14:00:00 2011 Dan Walsh - 2.1.6-1 -Update to upstream * utils: matchpathcon: remove duplicate declaration * src: matchpathcon: use myprintf not fprintf * src: matchpathcon: make sure resolved path starts * put libselinux.so.1 in /lib not /usr/lib * tree: default make target to all not
Wed Sep 14 14:00:00 2011 Dan Walsh - 2.1.5-5 - Switch to use \":\" as prefix separator rather then \";\"
Thu Sep 8 14:00:00 2011 Ville Skyttä - 2.1.5-4 - Avoid unnecessary shell invocation in %post.
Tue Sep 6 14:00:00 2011 Dan Walsh - 2.1.5-3 - Fix handling of subset labeling that is causing segfault in restorecon
Fri Sep 2 14:00:00 2011 Dan Walsh - 2.1.5-2 - Change matchpathcon_init_prefix and selabel_open to allow multiple initial prefixes. Now you can specify a \";\" separated list of prefixes and the labeling system will only load regular expressions that match these prefixes.
Tue Aug 30 14:00:00 2011 Dan Walsh - 2.1.5-1 - Change matchpatcon to use proper myprintf - Fix symlink_realpath to always include \"/\" - Update to upstream * selinux_file_context_verify function returns wrong value. * move realpath helper to matchpathcon library * python wrapper makefile changes
Mon Aug 22 14:00:00 2011 Dan Walsh - 2.1.4-2 - Move to new Makefile that can build with or without PYTHON being set
Thu Aug 18 14:00:00 2011 Dan Walsh - 2.1.4-1 -Update to upstream 2.1.4 2011-0817 * mapping fix for invalid class/perms after selinux_set_mapping * audit2why: work around python bug not defining * resolv symlinks and dot directories before matching
2.1.2 2011-0803 * audit2allow: do not print statistics * make python bindings for restorecon work on relative path * fix python audit2why binding error * support new python3 functions * do not check fcontext duplicates on use * Patch for python3 for libselinux
2.1.1 2011-08-02 * move .gitignore into utils * new setexecon utility * selabel_open fix processing of substitution files * mountpoint changing patch. * simplify SRCS in Makefile
2.1.1 2011-08-01 * Remove generated files, introduce more .gitignore
Thu Jul 28 14:00:00 2011 Dan Walsh - 2.1.0-1 -Update to upstream * Release, minor version bump * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_ * functions by Richard Haines.
Mon Jun 13 14:00:00 2011 Dan Walsh - 2.0.102-6 - Only call dups check within selabel/matchpathcon if you are validating the context - This seems to speed the loading of labels by 4 times.
Fri Apr 29 14:00:00 2011 Dan Walsh - 2.0.102-5 - Move /selinux to /sys/fs/selinux - Add selinuxexeccon - Add realpath to matchpathcon to handle matchpathcon * type queries.
Thu Apr 21 14:00:00 2011 Dan Walsh - 2.0.102-4 - Update for latest libsepol
Mon Apr 18 14:00:00 2011 Dan Walsh - 2.0.102-3 - Update for latest libsepol
Wed Apr 13 14:00:00 2011 Dan Walsh - 2.0.102-2 - Fix restorecon python binding to accept relative paths
Tue Apr 12 14:00:00 2011 Dan Walsh - 2.0.102-1 -Update to upstream * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_ * functions by Richard Haines.
Wed Apr 6 14:00:00 2011 Dan Walsh - 2.0.101-1 - Clean up patch to make handling of constructor cleanup more portable * db_language object class support for selabel_lookup from KaiGai Kohei. * Library destructors for thread local storage keys from Eamon Walsh.
Tue Apr 5 14:00:00 2011 Dan Walsh - 2.0.99-5 - Add distribution subs path
Tue Apr 5 14:00:00 2011 Dan Walsh - 2.0.99-4 Add patch from dbholeAATTredhat.com to initialize thread keys to -1 Errors were being seen in libpthread/libdl that were related to corrupt thread specific keys. Global destructors that are called on dl unload. During destruction delete a thread specific key without checking if it has been initialized. Since the constructor is not called each time (i.e. key is not initialized with pthread_key_create each time), and the default is 0, there is a possibility that key 0 for an active thread gets deleted. This is exactly what is happening in case of OpenJDK.
Workaround patch that initializes the key to -1. Thus if the constructor is not called, the destructor tries to delete key -1 which is deemed invalid by pthread_key_delete, and is ignored.
Tue Apr 5 14:00:00 2011 Dan Walsh - 2.0.99-3 - Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data
Fri Apr 1 14:00:00 2011 Dan Walsh - 2.0.99-2 - Change mount source options to use \"proc\" and \"selinuxfs\"
Tue Mar 1 13:00:00 2011 Dan Walsh - 2.0.99-1 - Update to upstream * Turn off default user handling when computing user contexts by Dan Walsh
Tue Feb 8 13:00:00 2011 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
Tue Feb 1 13:00:00 2011 Dan Walsh - 2.0.98-3 - Fixup selinux man page
Tue Jan 18 13:00:00 2011 Dan Walsh - 2.0.98-2 - Fix Makefile to use pkg-config --cflags python3 to discover include paths
Tue Dec 21 13:00:00 2010 Dan Walsh - 2.0.98-1 - Update to upstream - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
Mon Dec 6 13:00:00 2010 Dan Walsh - 2.0.97-1 - Update to upstream * Thread local storage fixes from Eamon Walsh.
Sat Dec 4 13:00:00 2010 Dan Walsh - 2.0.96-9 - Add /etc/tmpfiles.d support for /var/run/setrans
Wed Nov 24 13:00:00 2010 Dan Walsh - 2.0.96-8 - Ghost /var/run/setrans
Wed Sep 29 14:00:00 2010 jkeating - 2.0.96-7 - Rebuilt for gcc bug 634757
Thu Sep 16 14:00:00 2010 Adam Tkac - 2.0.96-6 - rebuild via updated swig (#624674)
Sun Aug 22 14:00:00 2010 Dan Walsh - 2.0.96-5 - Update for python 3.2a1
Tue Jul 27 14:00:00 2010 Dan Walsh - 2.0.96-4 - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
Wed Jul 21 14:00:00 2010 David Malcolm - 2.0.96-3 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
Fri Jun 25 14:00:00 2010 Dan Walsh - 2.0.96-2 - Turn off messages in audit2why
Wed Mar 24 13:00:00 2010 Dan Walsh - 2.0.96-1 - Update to upstream * Add const qualifiers to public API where appropriate by KaiGai Kohei.
2.0.95 2010-06-10 * Remove duplicate slashes in paths in selabel_lookup from Chad Sellers * Adds a chcon method to the libselinux python bindings from Steve Lawrence - add python3 subpackage from David Malcolm
Wed Mar 24 13:00:00 2010 Dan Walsh - 2.0.94-1
* Set errno=EINVAL for invalid contexts from Dan Walsh.
Tue Mar 16 13:00:00 2010 Dan Walsh - 2.0.93-1 - Update to upstream * Show strerror for security_getenforce() by Colin Waters. * Merged selabel database support by KaiGai Kohei. * Modify netlink socket blocking code by KaiGai Kohei.
Sun Mar 7 13:00:00 2010 Dan Walsh - 2.0.92-1 - Update to upstream * Fix from Eric Paris to fix leak on non-selinux systems. * regenerate swig wrappers * pkgconfig fix to respect LIBDIR from Dan Walsh.
Wed Feb 24 13:00:00 2010 Dan Walsh - 2.0.91-1 - Update to upstream * Change the AVC to only audit the permissions specified by the policy, excluding any permissions specified via dontaudit or not specified via auditallow. * Fix compilation of label_file.c with latest glibc headers.
Mon Feb 22 13:00:00 2010 Dan Walsh - 2.0.90-5 - Fix potential doublefree on init
Thu Feb 18 13:00:00 2010 Dan Walsh - 2.0.90-4 - Fix libselinux.pc
Mon Jan 18 13:00:00 2010 Dan Walsh - 2.0.90-3 - Fix man page for selinuxdefcon
Mon Jan 4 13:00:00 2010 Dan Walsh - 2.0.90-2 - Free memory on disabled selinux boxes
Tue Dec 1 13:00:00 2009 Dan Walsh - 2.0.90-1 - Update to upstream * add/reformat man pages by Guido Trentalancia . * Change exception.sh to be called with bash by Manoj Srivastava
Mon Nov 2 13:00:00 2009 Dan Walsh - 2.0.89-2 - Fix selinuxdefcon man page
Mon Nov 2 13:00:00 2009 Dan Walsh - 2.0.89-1 - Update to upstream * Add pkgconfig file from Eamon Walsh.
Thu Oct 29 13:00:00 2009 Dan Walsh - 2.0.88-1 - Update to upstream * Rename and export selinux_reset_config()
Tue Sep 8 14:00:00 2009 Dan Walsh - 2.0.87-1 - Update to upstream * Add exception handling in libselinux from Dan Walsh. This uses a shell script called exception.sh to generate a swig interface file. * make swigify * Make matchpathcon print <> if path not found in fcontext file.
Tue Sep 8 14:00:00 2009 Dan Walsh - 2.0.86-2 - Eliminate -pthread switch in Makefile
Tue Sep 8 14:00:00 2009 Dan Walsh - 2.0.86-1 - Update to upstream * Removal of reference counting on userspace AVC SID\'s.
Sat Jul 25 14:00:00 2009 Fedora Release Engineering - 2.0.85-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Tue Jul 7 14:00:00 2009 Dan Walsh - 2.0.85-1 - Update to upstream * Reverted Tomas Mraz\'s fix for freeing thread local storage to avoid pthread dependency. * Removed fini_context_translations() altogether. * Merged lazy init patch from Stephen Smalley based on original patch by Steve Grubb.
Tue Jul 7 14:00:00 2009 Dan Walsh - 2.0.84-1 - Update to upstream * Add per-service seuser support from Dan Walsh. * Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. * Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
Wed Jun 24 14:00:00 2009 Dan Walsh - 2.0.82-2 - Add provices ruby(selinux)
Tue Jun 23 14:00:00 2009 Dan Walsh - 2.0.82-1 - Update to upstream * Fix improper use of thread local storage from Tomas Mraz . * Label substitution support from Dan Walsh. * Support for labeling virtual machine images from Dan Walsh.
Mon May 18 14:00:00 2009 Dan Walsh - 2.0.81-1 - Update to upstream * Trim / from the end of input paths to matchpathcon from Dan Walsh. * Fix leak in process_line in label_file.c from Hiroshi Shinji. * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. * getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
Wed Apr 8 14:00:00 2009 Dan Walsh - 2.0.80-1 - Update to upstream * deny_unknown wrapper function from KaiGai Kohei. * security_compute_av_flags API from KaiGai Kohei. * Netlink socket management and callbacks from KaiGai Kohei.
Fri Apr 3 14:00:00 2009 Dan Walsh - 2.0.79-6 - Fix Memory Leak
Thu Apr 2 14:00:00 2009 Dan Walsh - 2.0.79-5 - Fix crash in python
Sun Mar 29 14:00:00 2009 Dan Walsh - 2.0.79-4 - Add back in additional interfaces
Fri Mar 27 13:00:00 2009 Dan Walsh - 2.0.79-3 - Add back in av_decision to python swig
Thu Mar 12 13:00:00 2009 Dan Walsh - 2.0.79-1 - Update to upstream * Netlink socket handoff patch from Adam Jackson. * AVC caching of compute_create results by Eric Paris.
Tue Mar 10 13:00:00 2009 Dan Walsh - 2.0.78-5 - Add patch from ajax to accellerate X SELinux - Update eparis patch
Mon Mar 9 13:00:00 2009 Dan Walsh - 2.0.78-4 - Add eparis patch to accellerate Xwindows performance
Mon Mar 9 13:00:00 2009 Dan Walsh - 2.0.78-3 - Fix URL
Fri Mar 6 13:00:00 2009 Dan Walsh - 2.0.78-2 - Add substitute pattern - matchpathcon output <> on ENOENT
Mon Mar 2 13:00:00 2009 Dan Walsh - 2.0.78-1 - Update to upstream * Fix incorrect conversion in discover_class code.
Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 2.0.77-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Wed Feb 18 13:00:00 2009 Dan Walsh - 2.0.77-5 - Add - selinux_virtual_domain_context_path - selinux_virtual_image_context_path
Tue Jan 6 13:00:00 2009 Dan Walsh - 2.0.77-3 - Throw exeptions in python swig bindings on failures
Tue Jan 6 13:00:00 2009 Dan Walsh - 2.0.77-2 - Fix restorecon python code
Tue Jan 6 13:00:00 2009 Dan Walsh - 2.0.77-1 - Update to upstream
Tue Dec 16 13:00:00 2008 Dan Walsh - 2.0.76-6 - Strip trailing / for matchpathcon
Tue Dec 16 13:00:00 2008 Dan Walsh l - 2.0.76-5 - Fix segfault if seusers file does not work
Fri Dec 12 13:00:00 2008 Dan Walsh - 2.0.76-4 - Add new function getseuser which will take username and service and return - seuser and level. ipa will populate file in future. - Change selinuxdefcon to return just the context by default
Sat Nov 29 13:00:00 2008 Ignacio Vazquez-Abrams - 2.0.76-2 - Rebuild for Python 2.6
Mon Nov 17 13:00:00 2008 Dan Walsh - 2.0.76-1 - Update to Upstream * Allow shell-style wildcards in x_contexts file.
Mon Nov 17 13:00:00 2008 Dan Walsh - 2.0.75-2 - Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names - Add Restorecon/Install python functions from Luke Macken
Fri Nov 7 13:00:00 2008 Dan Walsh - 2.0.75-1 - Update to Upstream * Correct message types in AVC log messages. * Make matchpathcon -V pass mode from Dan Walsh. * Add man page for selinux_file_context_cmp from Dan Walsh.
Tue Sep 30 14:00:00 2008 Dan Walsh - 2.0.73-1 - Update to Upstream * New man pages from Dan Walsh. * Update flask headers from refpolicy trunk from Dan Walsh.
Fri Sep 26 14:00:00 2008 Dan Walsh - 2.0.71-6 - Fix matchpathcon -V call
Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-5 - Add flask definitions for open, X and nlmsg_tty_audit
Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-4 - Add missing get/setkeycreatecon man pages
Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-3 - Split out utilities
Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-2 - Add missing man page links for [lf]getfilecon
Tue Aug 5 14:00:00 2008 Dan Walsh - 2.0.71-1 - Update to Upstream * Add group support to seusers using %groupname syntax from Dan Walsh. * Mark setrans socket close-on-exec from Stephen Smalley. * Only apply nodups checking to base file contexts from Stephen Smalley.
Fri Aug 1 14:00:00 2008 Dan Walsh - 2.0.70-1 - Update to Upstream * Merge ruby bindings from Dan Walsh. - Add support for Linux groups to getseuserbyname
Fri Aug 1 14:00:00 2008 Dan Walsh - 2.0.69-2 - Allow group handling in getseuser call
Tue Jul 29 14:00:00 2008 Dan Walsh - 2.0.69-1 - Update to Upstream * Handle duplicate file context regexes as a fatal error from Stephen Smalley. This prevents adding them via semanage. * Fix audit2why shadowed variables from Stephen Smalley. * Note that freecon NULL is legal in man page from Karel Zak.
Wed Jul 9 14:00:00 2008 Dan Walsh - 2.0.67-4 - Add ruby support for puppet
Tue Jul 8 14:00:00 2008 Dan Walsh - 2.0.67-3 - Rebuild for new libsepol
Sun Jun 29 14:00:00 2008 Dan Walsh - 2.0.67-2 - Add Karel Zak patch for freecon man page
Sun Jun 22 14:00:00 2008 Dan Walsh - 2.0.67-1 - Update to Upstream * New and revised AVC, label, and mapping man pages from Eamon Walsh. * Add swig python bindings for avc interfaces from Dan Walsh.
Sun Jun 22 14:00:00 2008 Dan Walsh - 2.0.65-1 - Update to Upstream * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.
Fri May 16 14:00:00 2008 Dan Walsh - 2.0.64-3 - libselinux no longer neets to telnet -u in post install
Wed May 7 14:00:00 2008 Dan Walsh - 2.0.64-2 - Add sedefaultcon and setconlist commands to dump login context
Tue Apr 22 14:00:00 2008 Dan Walsh - 2.0.64-1 - Update to Upstream * Fixed selinux_set_callback man page. * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. * Fix memory leaks in matchpathcon from Eamon Walsh.
Wed Apr 16 14:00:00 2008 Dan Walsh - 2.0.61-4 - Add Xavior Toth patch for security_id_t in swig
Thu Apr 10 14:00:00 2008 Dan Walsh - 2.0.61-3 - Add avc.h to swig code
Wed Apr 9 14:00:00 2008 Dan Walsh - 2.0.61-2 - Grab the latest policy for the kernel
Tue Apr 1 14:00:00 2008 Dan Walsh - 2.0.61-1 - Update to Upstream * Man page typo fix from Jim Meyering.
Sun Mar 23 13:00:00 2008 Dan Walsh - 2.0.60-1 - Update to Upstream * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
Thu Mar 13 13:00:00 2008 Dan Walsh - 2.0.59-2 - Fix matchpathcon memory leak
Fri Feb 29 13:00:00 2008 Dan Walsh - 2.0.59-1 - Update to Upstream * Merged new X label \"poly_selection\" namespace from Eamon Walsh.
Thu Feb 28 13:00:00 2008 Dan Walsh - 2.0.58-1 - Update to Upstream * Merged reset_selinux_config() for load policy from Dan Walsh.
Thu Feb 28 13:00:00 2008 Dan Walsh - 2.0.57-2 - Reload library on loading of policy to handle chroot
Mon Feb 25 13:00:00 2008 Dan Walsh - 2.0.57-1 - Update to Upstream * Merged avc_has_perm() errno fix from Eamon Walsh.
Fri Feb 22 13:00:00 2008 Dan Walsh - 2.0.56-1 - Update to Upstream * Regenerated Flask headers from refpolicy flask definitions.
Wed Feb 13 13:00:00 2008 Dan Walsh - 2.0.55-1 - Update to Upstream * Merged compute_member AVC function and manpages from Eamon Walsh. * Provide more error reporting on load policy failures from Stephen Smalley.
Fri Feb 8 13:00:00 2008 Dan Walsh - 2.0.53-1 - Update to Upstream * Merged new X label \"poly_prop\" namespace from Eamon Walsh.
Wed Feb 6 13:00:00 2008 Dan Walsh - 2.0.52-1 - Update to Upstream * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley. * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.
Tue Jan 29 13:00:00 2008 Dan Walsh - 2.0.50-1 - Update to Upstream * Merged fix for audit2why from Dan Walsh.
Fri Jan 25 13:00:00 2008 Dan Walsh - 2.0.49-2 - Fix audit2why to grab latest policy versus the one selected by the kernel
Wed Jan 23 13:00:00 2008 Dan Walsh - 2.0.49-1
* Merged audit2why python binding from Dan Walsh.
Wed Jan 23 13:00:00 2008 Dan Walsh - 2.0.48-1
* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
Mon Jan 21 13:00:00 2008 Dan Walsh - 2.0.47-4 - Update to use libsepol-static library
Wed Jan 16 13:00:00 2008 Adel Gadllah - 2.0.47-3 - Move libselinux.a to -static package - Spec cleanups
Tue Jan 15 13:00:00 2008 Dan Walsh - 2.0.47-2 - Put back libselinux.a
Fri Jan 11 13:00:00 2008 Dan Walsh - 2.0.47-1 - Fix memory references in audit2why and change to use tuples - Update to Upstream * Fix for the avc: granted null message bug from Stephen Smalley.
Fri Jan 11 13:00:00 2008 Dan Walsh - 2.0.46-6 - Fix __init__.py specification
Tue Jan 8 13:00:00 2008 Dan Walsh - 2.0.46-5 - Add audit2why python bindings
Tue Jan 8 13:00:00 2008 Dan Walsh - 2.0.46-4 - Add pid_t typemap for swig bindings
Thu Jan 3 13:00:00 2008 Dan Walsh - 2.0.46-3 - smp_mflag
Thu Jan 3 13:00:00 2008 Dan Walsh - 2.0.46-2 - Fix spec file caused by spec review
Fri Nov 30 13:00:00 2007 Dan Walsh - 2.0.46-1 - Upgrade to upstream * matchpathcon(8) man page update from Dan Walsh.
Fri Nov 30 13:00:00 2007 Dan Walsh - 2.0.45-1 - Upgrade to upstream * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. * A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.
Thu Nov 15 13:00:00 2007 Dan Walsh - 2.0.43-1 - Upgrade to upstream * Regenerated Flask headers from policy.
Thu Nov 15 13:00:00 2007 Dan Walsh - 2.0.42-1 - Upgrade to upstream * AVC enforcing mode override patch from Eamon Walsh. * Aligned attributes in AVC netlink code from Eamon Walsh. - Move libselinux.so back into devel package, procps has been fixed
Tue Nov 6 13:00:00 2007 Dan Walsh - 2.0.40-1 - Upgrade to upstream * Merged refactored AVC netlink code from Eamon Walsh. * Merged new X label namespaces from Eamon Walsh. * Bux fix and minor refactoring in string representation code.
Fri Oct 5 14:00:00 2007 Dan Walsh - 2.0.37-1 - Upgrade to upstream * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
Fri Sep 28 14:00:00 2007 Dan Walsh - 2.0.36-1 - Upgrade to upstream * Fix segfault resulting from missing file_contexts file.
Thu Sep 27 14:00:00 2007 Dan Walsh - 2.0.35-2 - Fix segfault on missing file_context file
Wed Sep 26 14:00:00 2007 Dan Walsh - 2.0.35-1 - Upgrade to upstream * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. * Pass CFLAGS when using gcc for linking from Dennis Gilmore.
Mon Sep 24 14:00:00 2007 Dan Walsh - 2.0.34-3 - Add sparc patch to from Dennis Gilmore to build on Sparc platform
Mon Sep 24 14:00:00 2007 Dan Walsh - 2.0.34-2 - Remove leaked file descriptor
Tue Sep 18 14:00:00 2007 Dan Walsh - 2.0.34-1 - Upgrade to latest from NSA * Fix selabel option flag setting for 64-bit from Stephen Smalley.
Tue Sep 18 14:00:00 2007 Dan Walsh - 2.0.33-2 - Change matchpatcon to use syslog instead of syserror
Thu Sep 13 14:00:00 2007 Dan Walsh - 2.0.33-1 - Upgrade to latest from NSA * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley. * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley. * Fix swig binding for rpm_execcon from James Athey.
Thu Sep 6 14:00:00 2007 Dan Walsh - 2.0.31-4 - Apply James Athway patch to fix rpm_execcon python binding
Tue Aug 28 14:00:00 2007 Dan Walsh - 2.0.31-3 - Move libselinux.so back into main package, breaks procps
Thu Aug 23 14:00:00 2007 Dan Walsh - 2.0.31-2 - Upgrade to upstream * Fix file_contexts.homedirs path from Todd Miller.
Tue Aug 21 14:00:00 2007 Dan Walsh - 2.0.30-2 - Remove requirement on setransd, Moved to selinux-policy-mls
Fri Aug 10 14:00:00 2007 Dan Walsh - 2.0.30-1 - Move libselinux.so into devel package - Upgrade to upstream * Fix segfault resulting from uninitialized print-callback pointer. * Added x_contexts path function patch from Eamon Walsh. * Fix build for EMBEDDED=y from Yuichi Nakamura. * Fix markup problems in selinux man pages from Dan Walsh.
Fri Aug 3 14:00:00 2007 Dan Walsh - 2.0.29-1 - Upgrade to upstream * Updated version for stable branch. * Added x_contexts path function patch from Eamon Walsh. * Fix build for EMBEDDED=y from Yuichi Nakamura. * Fix markup problems in selinux man pages from Dan Walsh. * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh. * Added swigify to top-level Makefile from Dan Walsh. * Fix for string_to_security_class segfault on x86_64 from Stephen Smalley.
Mon Jul 23 14:00:00 2007 Dan Walsh - 2.0.24-3 - Apply Steven Smalley patch to fix segfault in string_to_security_class
Wed Jul 18 14:00:00 2007 Dan Walsh - 2.0.24-2 - Fix matchpathcon to set default myprintf
Mon Jul 16 14:00:00 2007 Dan Walsh - 2.0.24-1 - Upgrade to upstream * Fix for getfilecon() for zero-length contexts from Stephen Smalley.
Wed Jul 11 14:00:00 2007 Dan Walsh - 2.0.23-3 - Update to match flask/access_vectors in policy
Tue Jul 10 14:00:00 2007 Dan Walsh - 2.0.23-2 - Fix man page markup lanquage for translations
Tue Jun 26 14:00:00 2007 Dan Walsh - 2.0.23-1 - Fix semanage segfault on x86 platform
Thu Jun 21 14:00:00 2007 Dan Walsh - 2.0.22-1 - Upgrade to upstream * Labeling and callback interface patches from Eamon Walsh.
Tue Jun 19 14:00:00 2007 Dan Walsh - 2.0.21-2 | |