@ -1,27 +1,39 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autochangelog
## END: Set by rpmautospec
%define ruby_inc %(pkg-config --cflags ruby)
%define ruby_inc %(pkg-config --cflags ruby)
%define libsepolver 3.5-1
%define libsepolver 3.7 -1
Summary: SELinux library and simple utilities
Summary: SELinux library and simple utilities
Name: libselinux
Name: libselinux
Version: 3.5
Version: 3.7
Release: 1 %{?dist}
Release: 3 %{?dist}
License: Public Domain
License: LicenseRef-Fedora-Public- Domain
# https://github.com/SELinuxProject/selinux/wiki/Releases
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libselinux-3.5.tar.gz
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz
Source1: selinuxconlist.8
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc
Source2: selinuxdefcon.8
Source2: https://github.com/bachradsusi.gpg
Source3: selinuxconlist.8
Source4: selinuxdefcon.8
Url: https://github.com/SELinuxProject/selinux/wiki
Url: https://github.com/SELinuxProject/selinux/wiki
# $ git clone https://github.com/fedora-selinux/selinux.git
# $ git clone https://github.com/fedora-selinux/selinux.git
# $ cd selinux
# $ cd selinux
# $ git format-patch -N 3.5 -- libselinux
# $ git format-patch -N 3.7 -- libselinux
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start
# Patch list start
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch
Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch
Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
# Patch list end
# Patch list end
BuildRequires: gcc make
BuildRequires: gcc make
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
BuildRequires: python3 python3-devel python3-pip
BuildRequires: python3 python3-devel python3-setuptools python3-wheel python3- pip
BuildRequires: systemd
BuildRequires: systemd
BuildRequires: gnupg2
Requires: libsepol%{?_isa} >= %{libsepolver} pcre2
Requires: libsepol%{?_isa} >= %{libsepolver} pcre2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -87,6 +99,7 @@ The libselinux-static package contains the static libraries
needed for developing SELinux applications.
needed for developing SELinux applications.
%prep
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p 2 -n libselinux-%{version}
%autosetup -p 2 -n libselinux-%{version}
%build
%build
@ -160,8 +173,8 @@ rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
install -d %{buildroot}%{_mandir}/man8/
install -d %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE1 } %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE3 } %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE2 } %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE4 } %{buildroot}%{_mandir}/man8/
rm -f %{buildroot}%{_mandir}/man8/togglesebool*
rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%ldconfig_scriptlets
%ldconfig_scriptlets
@ -176,6 +189,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{_sbindir}/avcstat
%{_sbindir}/avcstat
%{_sbindir}/getenforce
%{_sbindir}/getenforce
%{_sbindir}/getpidprevcon
%{_sbindir}/getpidprevcon
%{_sbindir}/getpolicyload
%{_sbindir}/getsebool
%{_sbindir}/getsebool
%{_sbindir}/matchpathcon
%{_sbindir}/matchpathcon
%{_sbindir}/sefcontext_compile
%{_sbindir}/sefcontext_compile
@ -193,8 +207,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{_sbindir}/validatetrans
%{_sbindir}/validatetrans
%{_mandir}/man5/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%{_mandir}/man8/*
%{_mandir}/ru/man5/*
%{_mandir}/ru/man8/*
%files devel
%files devel
%{_libdir}/libselinux.so
%{_libdir}/libselinux.so
@ -214,27 +226,109 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{ruby_vendorarchdir}/selinux.so
%{ruby_vendorarchdir}/selinux.so
%changelog
%changelog
* Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.7-3
- Rebuilt for MSVSphere 10
## START: Generated by rpmautospec
* Fri Aug 09 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-5
- libselinux-3.7-3
- restorecon: Include <selinux/label.h>
- Fix integer comparison issues when compiling for 32-bit
* Tue Jul 09 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-2
- set free'd data to NULL (#2295428)
* Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
- SELinux userspace 3.7 release
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.6-6
- Bump release for June 2024 mass rebuild
* Mon Apr 01 2024 Christoph Erhardt <fedora@sicherha.de> - 3.6-5
- Drop unused `xz-devel` build dependency
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 03 2024 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.6-2
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.3
* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
- SELinux userspace 3.6 release
* Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
- SELinux userspace 3.6-rc2 release
* Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1
- SELinux userspace 3.6-rc1 release
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 22 2023 Vit Mojzis <vmojzis@redhat.com> - 3.5-4
- Add examples to man pages
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 3.5-3
- Rebuilt for Python 3.12
* Fri May 26 2023 Miro Hrončok <mhroncok@redhat.com> - 3.5-2
- Fix build with pip 23.1.2+
- Fixes: rhbz#2209019
* Fri Feb 24 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
- SELinux userspace 3.5 release
- SELinux userspace 3.5 release
* Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
* Mon Feb 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
- SELinux userspace 3.5-rc3 release
- SELinux userspace 3.5-rc3 release
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-0.rc2.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
* Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
- SELinux userspace 3.5-rc2 release
- SELinux userspace 3.5-rc2 release
* Mon Jan 2 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
* Wed Jan 04 2023 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.5-0.rc1.1.1
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2
* Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
- SELinux userspace 3.5-rc1 release
- SELinux userspace 3.5-rc1 release
* Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6
- Drop SHA-1 from selinux_restorecon.3
- Rebase on upstream f56a72ac9e86
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.4-4
- Rebuilt for Python 3.11
* Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
- Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
- Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
* Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
- rebuilt
* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
- SELinux userspace 3.4 release
- SELinux userspace 3.4 release
* Tue May 10 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc3.1
- SELinux userspace 3.4-rc3 release
* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
- SELinux userspace 3.4-rc2 release
* Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
- SELinux userspace 3.4-rc1 release
* Thu Jan 27 2022 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.3-4
- F-36: rebuild against ruby31
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Nov 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
* Mon Nov 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
- Introduce selinux_restorecon_parallel(3)
- Introduce selinux_restorecon_parallel(3)
@ -247,23 +341,14 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
- SELinux userspace 3.3-rc2 release
- SELinux userspace 3.3-rc2 release
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-6
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-5
- Rebase on upstream commit 32611aea6543
- Rebase on upstream commit 32611aea6543
* Fri Jun 25 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-3
- Use SHA-2 instead of SHA-1 (#1934964)
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue May 25 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 3.2-2
- selinux_check_passwd_access_internal(): respect deny_unknown
- Rebuilt for Python 3.10
- Silence -Wstringop-overflow warning from gcc 10.3.1
- Fixed misc compiler and static analyzer findings
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
- SELinux userspace 3.2 release
- SELinux userspace 3.2 release
@ -602,7 +687,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
- Update to upstream
- Update to upstream
* Get rid of security_context_t and fix const declarations.
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
@ -632,7 +717,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Add ghost flag for /var/run/setrans
- Add ghost flag for /var/run/setrans
* Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1
* Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1
- Update to upstream
- Update to upstream
* Fix userspace AVC handling of per-domain permissive mode.
* Fix userspace AVC handling of per-domain permissive mode.
- Verify context is not null when passed into *setfilecon_raw
- Verify context is not null when passed into *setfilecon_raw
@ -652,12 +737,12 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Remove togglesebool man page
- Remove togglesebool man page
* Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1
* Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1
- Update to upstream
- Update to upstream
* Remove -lpthread from pkg-config file; it is not required.
* Remove -lpthread from pkg-config file; it is not required.
- Add support for policy compressed with xv
- Add support for policy compressed with xv
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
- Update to upstream
- Update to upstream
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* Support overriding Makefile RANLIB from Sven Vermeulen.
* Support overriding Makefile RANLIB from Sven Vermeulen.
* Update pkgconfig definition from Sven Vermeulen.
* Update pkgconfig definition from Sven Vermeulen.
@ -687,7 +772,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Do substitutions on a local sub followed by a dist sub
- Do substitutions on a local sub followed by a dist sub
* Thu Oct 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-20
* Thu Oct 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-20
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek
Resolves #1013801
Resolves #1013801
* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-19
* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-19
@ -716,7 +801,7 @@ Resolves #1013801
- Add Eric Paris patch to fix procattr calls after a fork.
- Add Eric Paris patch to fix procattr calls after a fork.
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12
- Move secolor.conf.5 into mcstrans package and out of libselinux
- Move secolor.conf.5 into mcstrans package and out of libselinux
* Wed Mar 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-11
* Wed Mar 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-11
- Fix python bindings for selinux_check_access
- Fix python bindings for selinux_check_access
@ -752,7 +837,7 @@ Resolves #1013801
- Revert some changes which are causing the wrong policy version file to be created
- Revert some changes which are causing the wrong policy version file to be created
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-1
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-1
- Update to upstream
- Update to upstream
* audit2why: make sure path is nul terminated
* audit2why: make sure path is nul terminated
* utils: new file context regex compiler
* utils: new file context regex compiler
* label_file: use precompiled filecontext when possible
* label_file: use precompiled filecontext when possible
@ -778,7 +863,7 @@ Resolves #1013801
* unmap file contexts on selabel_close()
* unmap file contexts on selabel_close()
* do not leak file contexts with mmap'd backend
* do not leak file contexts with mmap'd backend
* sefcontext_compile: do not leak fd on error
* sefcontext_compile: do not leak fd on error
* matchmediacon: do not leak fd
* matchmediacon: do not leak fd
* src/label_android_property: do not leak fd on error
* src/label_android_property: do not leak fd on error
* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20
* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20
@ -847,7 +932,7 @@ Resolves #1013801
- Rebuild with fixed libsepol
- Rebuild with fixed libsepol
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
- Update to upstream
- Update to upstream
* Add support for lxc_contexts_path
* Add support for lxc_contexts_path
* utils: add service to getdefaultcon
* utils: add service to getdefaultcon
* libsemanage: do not set soname needlessly
* libsemanage: do not set soname needlessly
@ -896,7 +981,7 @@ Resolves #1013801
- Revert Eric Paris Patch for selinux_binary_policy_path
- Revert Eric Paris Patch for selinux_binary_policy_path
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
- Update to upstream
- Update to upstream
* Fortify source now requires all code to be compiled with -O flag
* Fortify source now requires all code to be compiled with -O flag
* asprintf return code must be checked
* asprintf return code must be checked
* avc_netlink_recieve handle EINTR
* avc_netlink_recieve handle EINTR
@ -910,7 +995,7 @@ Resolves #1013801
* additional makefile support for rubywrap
* additional makefile support for rubywrap
* Mon Jun 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5
* Mon Jun 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5
- Fix booleans.subs name, change function name to selinux_boolean_sub,
- Fix booleans.subs name, change function name to selinux_boolean_sub,
add man page, minor fixes to the function
add man page, minor fixes to the function
* Fri May 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
* Fri May 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
@ -926,7 +1011,7 @@ Resolves #1013801
- Add support fot boolean subs file
- Add support fot boolean subs file
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
- Update to upstream
- Update to upstream
* Fix dead links to www.nsa.gov/selinux
* Fix dead links to www.nsa.gov/selinux
* Remove jump over variable declaration
* Remove jump over variable declaration
* Fix old style function definitions
* Fix old style function definitions
@ -962,7 +1047,7 @@ Resolves #1013801
- Make work with ruby-1.9
- Make work with ruby-1.9
* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-7
* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-7
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather
* Sun Jan 29 2012 Kay Sievers <kay@redhat.com> - 2.1.9-6
* Sun Jan 29 2012 Kay Sievers <kay@redhat.com> - 2.1.9-6
- use /sbin/ldconfig, glibc does not provide
- use /sbin/ldconfig, glibc does not provide
@ -1042,7 +1127,7 @@ Resolves #1013801
- Add selinux_check_access function. Needed for passwd, chfn, chsh
- Add selinux_check_access function. Needed for passwd, chfn, chsh
* Thu Sep 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
* Thu Sep 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
- Handle situation where selinux=0 passed to the kernel and both /selinux and
- Handle situation where selinux=0 passed to the kernel and both /selinux and
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
-Update to upstream
-Update to upstream
@ -1062,8 +1147,8 @@ Resolves #1013801
- Fix handling of subset labeling that is causing segfault in restorecon
- Fix handling of subset labeling that is causing segfault in restorecon
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial
prefixes. Now you can specify a ";" separated list of prefixes and the
prefixes. Now you can specify a ";" separated list of prefixes and the
labeling system will only load regular expressions that match these prefixes.
labeling system will only load regular expressions that match these prefixes.
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
@ -1116,7 +1201,7 @@ labeling system will only load regular expressions that match these prefixes.
* Update man pages for selinux_color_* functions by Richard Haines.
* Update man pages for selinux_color_* functions by Richard Haines.
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.102-6
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.102-6
- Only call dups check within selabel/matchpathcon if you are validating the
- Only call dups check within selabel/matchpathcon if you are validating the
context
context
- This seems to speed the loading of labels by 4 times.
- This seems to speed the loading of labels by 4 times.
@ -1155,15 +1240,15 @@ context
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-4
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-4
Add patch from dbhole@redhat.com to initialize thread keys to -1
Add patch from dbhole@redhat.com to initialize thread keys to -1
Errors were being seen in libpthread/libdl that were related
Errors were being seen in libpthread/libdl that were related
to corrupt thread specific keys. Global destructors that are called on dl
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
default is 0, there is a possibility that key 0 for an active thread gets
deleted. This is exactly what is happening in case of OpenJDK.
deleted. This is exactly what is happening in case of OpenJDK.
Workaround patch that initializes the key to -1. Thus if the constructor is not
Workaround patch that initializes the key to -1. Thus if the constructor is not
called, the destructor tries to delete key -1 which is deemed invalid by
called, the destructor tries to delete key -1 which is deemed invalid by
pthread_key_delete, and is ignored.
pthread_key_delete, and is ignored.
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-3
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-3
@ -1186,11 +1271,11 @@ pthread_key_delete, and is ignored.
- Fix Makefile to use pkg-config --cflags python3 to discover include paths
- Fix Makefile to use pkg-config --cflags python3 to discover include paths
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.98-1
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.98-1
- Update to upstream
- Update to upstream
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
* Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1
* Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1
- Update to upstream
- Update to upstream
* Thread local storage fixes from Eamon Walsh.
* Thread local storage fixes from Eamon Walsh.
* Sat Dec 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-9
* Sat Dec 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-9
@ -1218,31 +1303,31 @@ pthread_key_delete, and is ignored.
- Turn off messages in audit2why
- Turn off messages in audit2why
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-1
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-1
- Update to upstream
- Update to upstream
* Add const qualifiers to public API where appropriate by KaiGai Kohei.
* Add const qualifiers to public API where appropriate by KaiGai Kohei.
2.0.95 2010-06-10
2.0.95 2010-06-10
* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
* Adds a chcon method to the libselinux python bindings from Steve Lawrence
* Adds a chcon method to the libselinux python bindings from Steve Lawrence
- add python3 subpackage from David Malcolm
- add python3 subpackage from David Malcolm
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1
* Set errno=EINVAL for invalid contexts from Dan Walsh.
* Set errno=EINVAL for invalid contexts from Dan Walsh.
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1
- Update to upstream
- Update to upstream
* Show strerror for security_getenforce() by Colin Waters.
* Show strerror for security_getenforce() by Colin Waters.
* Merged selabel database support by KaiGai Kohei.
* Merged selabel database support by KaiGai Kohei.
* Modify netlink socket blocking code by KaiGai Kohei.
* Modify netlink socket blocking code by KaiGai Kohei.
* Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1
* Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1
- Update to upstream
- Update to upstream
* Fix from Eric Paris to fix leak on non-selinux systems.
* Fix from Eric Paris to fix leak on non-selinux systems.
* regenerate swig wrappers
* regenerate swig wrappers
* pkgconfig fix to respect LIBDIR from Dan Walsh.
* pkgconfig fix to respect LIBDIR from Dan Walsh.
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
- Update to upstream
- Update to upstream
* Change the AVC to only audit the permissions specified by the
* Change the AVC to only audit the permissions specified by the
policy, excluding any permissions specified via dontaudit or not
policy, excluding any permissions specified via dontaudit or not
specified via auditallow.
specified via auditallow.
@ -1261,7 +1346,7 @@ pthread_key_delete, and is ignored.
- Free memory on disabled selinux boxes
- Free memory on disabled selinux boxes
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.90-1
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.90-1
- Update to upstream
- Update to upstream
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>
* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>
@ -1269,15 +1354,15 @@ pthread_key_delete, and is ignored.
- Fix selinuxdefcon man page
- Fix selinuxdefcon man page
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.89-1
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.89-1
- Update to upstream
- Update to upstream
* Add pkgconfig file from Eamon Walsh.
* Add pkgconfig file from Eamon Walsh.
* Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.88-1
* Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.88-1
- Update to upstream
- Update to upstream
* Rename and export selinux_reset_config()
* Rename and export selinux_reset_config()
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.87-1
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.87-1
- Update to upstream
- Update to upstream
* Add exception handling in libselinux from Dan Walsh. This uses a
* Add exception handling in libselinux from Dan Walsh. This uses a
shell script called exception.sh to generate a swig interface file.
shell script called exception.sh to generate a swig interface file.
* make swigify
* make swigify
@ -1287,14 +1372,14 @@ pthread_key_delete, and is ignored.
- Eliminate -pthread switch in Makefile
- Eliminate -pthread switch in Makefile
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.86-1
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.86-1
- Update to upstream
- Update to upstream
* Removal of reference counting on userspace AVC SID's.
* Removal of reference counting on userspace AVC SID's.
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-2
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.85-1
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.85-1
- Update to upstream
- Update to upstream
* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
pthread dependency.
pthread dependency.
* Removed fini_context_translations() altogether.
* Removed fini_context_translations() altogether.
@ -1302,7 +1387,7 @@ pthread_key_delete, and is ignored.
by Steve Grubb.
by Steve Grubb.
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1
- Update to upstream
- Update to upstream
* Add per-service seuser support from Dan Walsh.
* Add per-service seuser support from Dan Walsh.
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
@ -1312,20 +1397,20 @@ pthread_key_delete, and is ignored.
- Add provices ruby(selinux)
- Add provices ruby(selinux)
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-1
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-1
- Update to upstream
- Update to upstream
* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
* Label substitution support from Dan Walsh.
* Label substitution support from Dan Walsh.
* Support for labeling virtual machine images from Dan Walsh.
* Support for labeling virtual machine images from Dan Walsh.
* Mon May 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.81-1
* Mon May 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.81-1
- Update to upstream
- Update to upstream
* Trim / from the end of input paths to matchpathcon from Dan Walsh.
* Trim / from the end of input paths to matchpathcon from Dan Walsh.
* Fix leak in process_line in label_file.c from Hiroshi Shinji.
* Fix leak in process_line in label_file.c from Hiroshi Shinji.
* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.80-1
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.80-1
- Update to upstream
- Update to upstream
* deny_unknown wrapper function from KaiGai Kohei.
* deny_unknown wrapper function from KaiGai Kohei.
* security_compute_av_flags API from KaiGai Kohei.
* security_compute_av_flags API from KaiGai Kohei.
* Netlink socket management and callbacks from KaiGai Kohei.
* Netlink socket management and callbacks from KaiGai Kohei.
@ -1343,22 +1428,22 @@ pthread_key_delete, and is ignored.
- Add back in av_decision to python swig
- Add back in av_decision to python swig
* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-1
* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-1
- Update to upstream
- Update to upstream
* Netlink socket handoff patch from Adam Jackson.
* Netlink socket handoff patch from Adam Jackson.
* AVC caching of compute_create results by Eric Paris.
* AVC caching of compute_create results by Eric Paris.
* Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-5
* Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-5
- Add patch from ajax to accellerate X SELinux
- Add patch from ajax to accellerate X SELinux
- Update eparis patch
- Update eparis patch
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-4
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-4
- Add eparis patch to accellerate Xwindows performance
- Add eparis patch to accellerate Xwindows performance
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-3
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-3
- Fix URL
- Fix URL
* Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-2
* Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-2
- Add substitute pattern
- Add substitute pattern
- matchpathcon output <<none>> on ENOENT
- matchpathcon output <<none>> on ENOENT
* Mon Mar 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-1
* Mon Mar 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-1
@ -1369,7 +1454,7 @@ pthread_key_delete, and is ignored.
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-5
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-5
- Add
- Add
- selinux_virtual_domain_context_path
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
- selinux_virtual_image_context_path
@ -1416,7 +1501,7 @@ pthread_key_delete, and is ignored.
* Update flask headers from refpolicy trunk from Dan Walsh.
* Update flask headers from refpolicy trunk from Dan Walsh.
* Fri Sep 26 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-6
* Fri Sep 26 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-6
- Fix matchpathcon -V call
- Fix matchpathcon -V call
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-5
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-5
- Add flask definitions for open, X and nlmsg_tty_audit
- Add flask definitions for open, X and nlmsg_tty_audit
@ -1576,7 +1661,7 @@ pthread_key_delete, and is ignored.
- smp_mflag
- smp_mflag
* Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-2
* Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-2
- Fix spec file caused by spec review
- Fix spec file caused by spec review
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
- Upgrade to upstream
- Upgrade to upstream
@ -1618,7 +1703,7 @@ pthread_key_delete, and is ignored.
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1
- Upgrade to upstream
- Upgrade to upstream
* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
* Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.34-3
* Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.34-3
- Add sparc patch to from Dennis Gilmore to build on Sparc platform
- Add sparc patch to from Dennis Gilmore to build on Sparc platform
@ -1650,7 +1735,7 @@ pthread_key_delete, and is ignored.
* Fix file_contexts.homedirs path from Todd Miller.
* Fix file_contexts.homedirs path from Todd Miller.
* Tue Aug 21 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-2
* Tue Aug 21 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-2
- Remove requirement on setransd, Moved to selinux-policy-mls
- Remove requirement on setransd, Moved to selinux-policy-mls
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1
- Move libselinux.so into devel package
- Move libselinux.so into devel package
@ -1662,7 +1747,7 @@ pthread_key_delete, and is ignored.
* Fri Aug 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.29-1
* Fri Aug 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.29-1
- Upgrade to upstream
- Upgrade to upstream
* Updated version for stable branch.
* Updated version for stable branch.
* Added x_contexts path function patch from Eamon Walsh.
* Added x_contexts path function patch from Eamon Walsh.
* Fix build for EMBEDDED=y from Yuichi Nakamura.
* Fix build for EMBEDDED=y from Yuichi Nakamura.
* Fix markup problems in selinux man pages from Dan Walsh.
* Fix markup problems in selinux man pages from Dan Walsh.
@ -1783,13 +1868,13 @@ pthread_key_delete, and is ignored.
of the use of the non-standard format (original patch changed
of the use of the non-standard format (original patch changed
for style).
for style).
- Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
- Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
- Add context function to python to split context into 4 parts
- Add context function to python to split context into 4 parts
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-1
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-1
- Upgrade to upstream
- Upgrade to upstream
* Updated version for stable branch.
* Updated version for stable branch.
* Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.6-1
* Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.6-1
- Upgrade to upstream
- Upgrade to upstream
@ -1910,8 +1995,8 @@ Resolves: #200110
- only build non-fpic objects with -mno-tls-direct-seg-refs
- only build non-fpic objects with -mno-tls-direct-seg-refs
* Tue Aug 1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-4
* Tue Aug 1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-4
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering
segfaults with xen (#200783)
segfaults with xen (#200783)
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-3
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-3
- Rebuild for new gcc
- Rebuild for new gcc
@ -1963,7 +2048,7 @@ Resolves: #200110
- Check for selinux_mnt == NULL
- Check for selinux_mnt == NULL
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
- Merged matchmediacon and trans_to_raw_context fixes from
- Merged matchmediacon and trans_to_raw_context fixes from
Serge Hallyn.
Serge Hallyn.
* Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4
* Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4
@ -2007,7 +2092,7 @@ Resolves: #200110
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
- Upgrade to latest from NSA
- Upgrade to latest from NSA
* Merged fix warnings patch from Karl MacMillan.
* Merged fix warnings patch from Karl MacMillan.
* Merged setrans client support from Dan Walsh.
* Merged setrans client support from Dan Walsh.
This removes use of libsetrans.
This removes use of libsetrans.
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
@ -2099,7 +2184,7 @@ Resolves: #200110
allocated by libsetrans.
allocated by libsetrans.
* Sun Dec 11 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-3
* Sun Dec 11 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-3
- update to latest libsetrans
- update to latest libsetrans
- Fix potential memory leak
- Fix potential memory leak
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
@ -2234,7 +2319,7 @@ Resolves: #200110
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
- Update to latest from NSA
- Update to latest from NSA
* Changed getseuserbyname to fall back to the Linux username and
* Changed getseuserbyname to fall back to the Linux username and
NULL level if seusers config file doesn't exist unless
NULL level if seusers config file doesn't exist unless
REQUIRESEUSERS=1 is set in /etc/selinux/config.
REQUIRESEUSERS=1 is set in /etc/selinux/config.
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
@ -2242,7 +2327,7 @@ Resolves: #200110
- Update to latest from NSA
- Update to latest from NSA
* Added selinux_init_load_policy() function as an even higher level
* Added selinux_init_load_policy() function as an even higher level
interface for the initial policy load by /sbin/init. This obsoletes
interface for the initial policy load by /sbin/init. This obsoletes
the load_policy() function in the sysvinit-selinux.patch.
the load_policy() function in the sysvinit-selinux.patch.
* Added selinux_mkload_policy() function as a higher level interface
* Added selinux_mkload_policy() function as a higher level interface
for loading policy than the security_load_policy() interface.
for loading policy than the security_load_policy() interface.
@ -2300,7 +2385,7 @@ Resolves: #200110
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1
- Update from NSA
- Update from NSA
* Hid translation-related symbols entirely and ensured that
* Hid translation-related symbols entirely and ensured that
raw functions have hidden definitions for internal use.
raw functions have hidden definitions for internal use.
* Allowed setting NULL via context_set* functions.
* Allowed setting NULL via context_set* functions.
* Allowed whitespace in MLS component of context.
* Allowed whitespace in MLS component of context.
@ -2324,7 +2409,7 @@ Resolves: #200110
code from Serge Hallyn (IBM). Bugs found by Coverity.
code from Serge Hallyn (IBM). Bugs found by Coverity.
* Removed setupns; migrated to pam.
* Removed setupns; migrated to pam.
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
Original symbol is temporarily retained for compatibility until
Original symbol is temporarily retained for compatibility until
all callers are updated.
all callers are updated.
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.24.2-1
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.24.2-1
@ -2338,9 +2423,9 @@ Resolves: #200110
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
- Update from NSA
- Update from NSA
* Merged avcstat and selinux man page from Dan Walsh.
* Merged avcstat and selinux man page from Dan Walsh.
* Changed security_load_booleans to process booleans.local
* Changed security_load_booleans to process booleans.local
even if booleans file doesn't exist.
even if booleans file doesn't exist.
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
- Fix avcstat to clear totals
- Fix avcstat to clear totals
@ -2392,7 +2477,7 @@ Resolves: #200110
- Update from NSA
- Update from NSA
* Added set_matchpathcon_flags() function for setting flags
* Added set_matchpathcon_flags() function for setting flags
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
means only process the base file_contexts file, not
means only process the base file_contexts file, not
file_contexts.homedirs or file_contexts.local, and is for use by
file_contexts.homedirs or file_contexts.local, and is for use by
setfiles -c.
setfiles -c.
* Updated matchpathcon.3 man page.
* Updated matchpathcon.3 man page.
@ -2480,7 +2565,7 @@ Resolves: #200110
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.4-1
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.4-1
- Update to latest from upstream
- Update to latest from upstream
* Changed matchpathcon to return -1 with errno ENOENT for
* Changed matchpathcon to return -1 with errno ENOENT for
<<none>> entries, and also for an empty file_contexts configuration.
<<none>> entries, and also for an empty file_contexts configuration.
* Tue Dec 28 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-3
* Tue Dec 28 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-3
@ -2512,7 +2597,7 @@ Resolves: #200110
- Update from upstream, fix setsebool -P segfault
- Update from upstream, fix setsebool -P segfault
* Fri Nov 5 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-5
* Fri Nov 5 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-5
- Add a patch from upstream. Fixes signed/unsigned issues, and
- Add a patch from upstream. Fixes signed/unsigned issues, and
incomplete structure copy.
incomplete structure copy.
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-4
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-4
@ -2584,11 +2669,11 @@ Resolves: #200110
* Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1
* Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1
- Update from NSA
- Update from NSA
* Added set_matchpathcon_printf.
* Added set_matchpathcon_printf.
* Wed Sep 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
* Wed Sep 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
- Update from NSA
- Update from NSA
* Reworked av_inherit.h to allow easier re-use by kernel.
* Reworked av_inherit.h to allow easier re-use by kernel.
* Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
* Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
- Add strcasecmp in selinux_config
- Add strcasecmp in selinux_config
@ -2713,11 +2798,11 @@ Resolves: #200110
- Update with latest from NSA
- Update with latest from NSA
* Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1
* Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1
- Add changes for relaxed policy
- Add changes for relaxed policy
- Update to match NSA
- Update to match NSA
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1
- Add relaxed policy changes
- Add relaxed policy changes
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
- Sync with NSA
- Sync with NSA
@ -2790,7 +2875,7 @@ Resolves: #200110
- Add mntpoint patch for SysVinit
- Add mntpoint patch for SysVinit
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Add -r -u -t to getcon
- Add -r -u -t to getcon
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
- Upgrade to latest from NSA
- Upgrade to latest from NSA
@ -2830,3 +2915,5 @@ Resolves: #200110
* Tue May 27 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
* Tue May 27 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version
- Initial version
## END: Generated by rpmautospec