SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libsepol2-3.7-150600.106.1.x86_64.rpm :

* Mon Jul 01 2024 cathy.huAATTsuse.com- Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* libsepol: improve policy lookup failure message
* libsepol: include prefix for module policy versions
* libsepol: validate type-attribute-map for old policies
* libsepol: only exempt gaps checking for kernel policies
* Bugfixes:
* libsepol/src/Makefile: fix reallocarray detection
* libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
* libsepol: ensure transitivity in compare functions
* oss-fuzz fixes:
* libsepol: check scope permissions refer to valid class
* libsepol: validate attribute-type maps
* libsepol: reject self flag in type rules in old policies
* libsepol: validate class permissions
* libsepol: validate access vector permissions
* libsepol: reject MLS support in pre-MLS policies
* libsepol: Fix buffer overflow when using sepol_av_to_string()
* libsepol: Use a dynamic buffer in sepol_av_to_string()
* Tue Dec 19 2023 cathy.huAATTsuse.com- Update to version 3.6 https://github.com/SELinuxProject/selinux/releases/tag/3.6
* struct cond_expr_t bool renamed to boolean The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from https://translate.fedoraproject.org/projects/selinux/
* Bug fixes- Remove keys from keyring since they expired: - E853C1848B0185CF42864DF363A8AD4B982C4373 Petr Lautrbach - 63191CE94183098689CAB8DB7EF137EC935B0EAF Jason Zaman - Add key to keyring: - B8682847764DF60DF52D992CBC3905F235179CF1 Petr Lautrbach
* Thu Mar 23 2023 mliskaAATTsuse.cz- Enable LTO now (boo#1138813).
* Fri Feb 24 2023 jsegitzAATTsuse.com- Update to version 3.5
* Stricter policy validation
* do not write empty class definitions to allow simpler round-trip tests
* reject attributes in type av rules for kernel policies- Added additional developer key (Jason Zaman)
* Mon May 09 2022 jsegitzAATTsuse.com- Update to version 3.4
* Add \'ioctl_skip_cloexec\' policy capability
* Add sepol_av_perm_to_string
* Add policy utilities
* Support IPv4/IPv6 address embedding
* Hardened/added many validations
* Add support for file types in writing out policy.conf
* Allow optional file type in genfscon rules
* Thu Nov 11 2021 jsegitzAATTsuse.com- Update to version 3.3
* Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch are all included
* Lot of smaller fixes identified by fuzzing
* Wed Jul 21 2021 jsegitzAATTsuse.com- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928. Added CVE-2021-36087.patch
* Mon Jul 05 2021 jsegitzAATTsuse.com- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965). Added CVE-2021-36085.patch- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964). Added CVE-2021-36086.patch
* Tue Mar 09 2021 jsegitzAATTsuse.com- Update to version 3.2
* more space-efficient form of storing filename transitions in the binary policy and reduced the size of the binary policy
* dropped old and deprecated symbols and functions. Version was bumped to libsepol.so.2
* Thu Oct 29 2020 lnusselAATTsuse.de- install to /usr (boo#1029961)
* Tue Jul 14 2020 jsegitzAATTsuse.com- Update to version 3.1
* Add support for new polcap genfs_seclabel_symlinks
* Initialize the multiple_decls field of the cil db
* Return error when identifier declared as both type and attribute
* Write CIL default MLS rules on separate lines
* Sort portcon rules consistently
* Remove leftovers of cil_mem_error_handler
* Drop remove_cil_mem_error_handler.patch, is included
* Mon Apr 27 2020 mliskaAATTsuse.cz- Enable -fcommon in order to fix boo#1160874.
* Tue Mar 03 2020 jsegitzAATTsuse.de- Update to version 3.0
* cil: Allow validatetrans rules to be resolved
* cil: Report disabling an optional block only at high verbose levels
* cil: do not dereference perm_value_to_cil when it has not been allocated
* cil: fix mlsconstrain segfault
* Further improve binary policy optimization
* Make an unknown permission an error in CIL
* Remove cil_mem_error_handler() function pointer
* Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
* Add a function to optimize kernel policy
* Add ebitmap_for_each_set_bit macro Dropped fnocommon.patch as it\'s included upstream
* Thu Jan 30 2020 jsegitzAATTsuse.de- Add fnocommon.patch to prevent build failures on gcc10 and remove_cil_mem_error_handler.patch to prevent build failures due to leftovers from the removal of cil_mem_error_handler (bsc#1160874)
* Thu Jun 20 2019 mliskaAATTsuse.cz- Disable LTO due to symbol versioning (boo#1138813).
* Wed Mar 20 2019 jsegitzAATTsuse.com- Update to version 2.9
* Add two new Xen initial SIDs
* Check that initial sid indexes are within the valid range
* Create policydb_sort_ocontexts()
* Eliminate initial sid string definitions in module_to_cil.c
* Rename kernel_to_common.c stack functions
* add missing ibendport port validity check
* destroy the copied va_list
* do not call malloc with 0 byte
* do not leak memory if list_prepend fails
* do not use uninitialized value for low_value
* fix endianity in ibpkey range checks
* ibpkeys.c: fix printf format string specifiers for subnet_prefix
* mark permissive types when loading a binary policy
* Thu Nov 08 2018 jengelhAATTinai.de- Use more %make_install.
* Thu Nov 08 2018 jsegitzAATTsuse.com- Adjusted source urls (bsc#1115052)
* Wed Oct 17 2018 jsegitzAATTsuse.com- Update to version 2.8 (bsc#1111732) For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
* Wed May 16 2018 mceplAATTsuse.com- Rebase to 2.7 For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
* Fri Nov 24 2017 jsegitzAATTsuse.com- Update to version 2.6. Notable changes:
* Add support for converting extended permissions to CIL
* Create user and role caches when building binary policy
* Check for too many permissions in classes and commons in CIL
* Fix xperm mapping between avrule and avtab
* Produce more meaningful error messages for conflicting type rules in CIL
* Change which attributes CIL keeps in the binary policy
* Warn instead of fail if permission is not resolved
* Ignore object_r when adding userrole mappings to policydb
* Correctly detect unknown classes in sepol_string_to_security_class
* Fix neverallowxperm checking on attributes
* Only apply bounds checking to source types in rules
* Fix CIL and not add an attribute as a type in the attr_type_map
* Fix extended permissions neverallow checking
* Fix CIL neverallow and bounds checking
* Add support for portcon dccp protocol
* Fri Jul 15 2016 jengelhAATTinai.de- Update RPM groups, trim description and combine filelist entries.
* Thu Jul 14 2016 mpluskalAATTsuse.com- Cleanup spec file with spec-cleaner- Make spec file a bit more easy- Ship new supbackage (-tools)
* Thu Jul 14 2016 jsegitzAATTnovell.com- Without bug number no submit to SLE 12 SP2 is possible, so to make sle-changelog-checker happy: bsc#988977
* Thu Jul 14 2016 jsegitzAATTnovell.com- Adjusted source link
* Tue Jul 05 2016 iAATTmarguerite.su- update version 2.5
* Fix unused variable annotations
* Fix uninitialized variable in CIL
* Validate extended avrules and permissionxs in CIL
* Add support in CIL for neverallowx
* Fully expand neverallowxperm rules
* Add support for unordered classes to CIL
* Add neverallow support for ioctl extended permissions
* Improve CIL block and macro call recursion detection
* Fix CIL uninitialized false positive in cil_binary
* Provide error in CIL if classperms are empty
* Add userattribute{set} functionality to CIL
* fix CIL blockinherit copying segfault and add macro restrictions
* fix CIL NULL pointer dereference when copying classpermission/set
* Add CIL support for ioctl whitelists
* Fix memory leak when destroying avtab
* Replace sscanf in module_to_cil
* Improve CIL resolution error messages
* Fix policydb_read for policy versions < 24
* Added CIL bounds checking and refactored CIL Neverallow checking
* Refactored libsepol Neverallow and bounds (hierarchy) checking
* Treat types like an attribute in the attr_type_map
* Add new ebitmap function named ebitmap_match_any()
* switch operations to extended perms
* Write auditadm_r and secadm_r roles to base module when writing CIL
* Fix module to CIL to only associate declared roleattributes with in-scope types
* Don\'t allow categories/sensitivities inside blocks in CIL
* Replace fmemopen() with internal function in libsepol
* Verify users prior to evaluating users in cil
* Binary modules do not support ioctl rules
* Add support for ioctl command whitelisting
* Don\'t use symbol versioning for static object files
* Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package()
* Move secilc out of libsepol
* fix building Xen policy with devicetreecon, and add devicetreecon CIL documentation
* bool_copy_callback set state on creation
* Add device tree ocontext nodes to Xen policy
* Widen Xen IOMEM context entries
* Fix error path in mls_semantic_level_expand()
* Update to latest CIL, includes new name resolution and fixes ordering issues with blockinherit statements, and bug fixes- changes in 2.4
* Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
* Fix bugs found by hardened gcc flags
* Build CIL into libsepol. libsepol can be built without CIL by setting the DISABLE_CIL flag to \'y\'
* Add an API function to set target_platform
* Report all neverallow violations
* Improve check_assertions performance
* Allow libsepol C++ static library on device
 
ICM