SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libsepol2-3.5-1.2.x86_64.rpm :

* Fri Feb 24 2023 Johannes Segitz - Update to version 3.5
* Stricter policy validation
* do not write empty class definitions to allow simpler round-trip tests
* reject attributes in type av rules for kernel policies- Added additional developer key (Jason Zaman)
* Mon May 09 2022 Johannes Segitz - Update to version 3.4
* Add \'ioctl_skip_cloexec\' policy capability
* Add sepol_av_perm_to_string
* Add policy utilities
* Support IPv4/IPv6 address embedding
* Hardened/added many validations
* Add support for file types in writing out policy.conf
* Allow optional file type in genfscon rules
* Thu Nov 11 2021 Johannes Segitz - Update to version 3.3
* Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch are all included
* Lot of smaller fixes identified by fuzzing
* Wed Jul 21 2021 Johannes Segitz - Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928. Added CVE-2021-36087.patch
* Mon Jul 05 2021 Johannes Segitz - Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965). Added CVE-2021-36085.patch- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964). Added CVE-2021-36086.patch
* Tue Mar 09 2021 Johannes Segitz - Update to version 3.2
* more space-efficient form of storing filename transitions in the binary policy and reduced the size of the binary policy
* dropped old and deprecated symbols and functions. Version was bumped to libsepol.so.2
* Thu Oct 29 2020 Ludwig Nussel - install to /usr (boo#1029961)
* Tue Jul 14 2020 Johannes Segitz - Update to version 3.1
* Add support for new polcap genfs_seclabel_symlinks
* Initialize the multiple_decls field of the cil db
* Return error when identifier declared as both type and attribute
* Write CIL default MLS rules on separate lines
* Sort portcon rules consistently
* Remove leftovers of cil_mem_error_handler
* Drop remove_cil_mem_error_handler.patch, is included
* Mon Apr 27 2020 Martin Liška - Enable -fcommon in order to fix boo#1160874.
* Tue Mar 03 2020 Johannes Segitz - Update to version 3.0
* cil: Allow validatetrans rules to be resolved
* cil: Report disabling an optional block only at high verbose levels
* cil: do not dereference perm_value_to_cil when it has not been allocated
* cil: fix mlsconstrain segfault
* Further improve binary policy optimization
* Make an unknown permission an error in CIL
* Remove cil_mem_error_handler() function pointer
* Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
* Add a function to optimize kernel policy
* Add ebitmap_for_each_set_bit macro Dropped fnocommon.patch as it\'s included upstream
* Thu Jan 30 2020 Johannes Segitz - Add fnocommon.patch to prevent build failures on gcc10 and remove_cil_mem_error_handler.patch to prevent build failures due to leftovers from the removal of cil_mem_error_handler (bsc#1160874)
  
ICM