@ -1,43 +1,27 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autochangelog
## END: Set by rpmautospec
%define ruby_inc %(pkg-config --cflags ruby)
%define libsepolver 3.7 -1
%define libsepolver 3.5-1
Summary: SELinux library and simple utilities
Name: libselinux
Version: 3.7
Release: 5 %{?dist}
License: LicenseRef-Fedora-Public- Domain
Version: 3.5
Release: 1 %{?dist}
License: Public Domain
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libselinux-3.7.tar.gz.asc
Source2: https://github.com/bachradsusi.gpg
Source3: selinuxconlist.8
Source4: selinuxdefcon.8
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libselinux-3.5.tar.gz
Source1: selinuxconlist.8
Source2: selinuxdefcon.8
Url: https://github.com/SELinuxProject/selinux/wiki
# $ git clone https://github.com/fedora-selinux/selinux.git
# $ cd selinux
# $ git format-patch -N 3.7 -- libselinux
# $ git format-patch -N 3.5 -- libselinux
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
Patch0002: 0002-libselinux-set-free-d-data-to-NULL.patch
Patch0003: 0003-libselinux-restorecon-Include-selinux-label.h.patch
Patch0004: 0004-libselinux-Fix-integer-comparison-issues-when-compil.patch
Patch0005: 0005-libselinux-deprecate-security_disable-3.patch
Patch0006: 0006-libselinux-fix-swig-bindings-for-4.3.0.patch
Patch0007: 0007-libselinux-setexecfilecon-Remove-useless-rc-check.patch
Patch0008: 0008-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch
# Patch list end
BuildRequires: gcc make
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
BuildRequires: python3 python3-devel python3-setuptools python3-wheel python3- pip
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
BuildRequires: python3 python3-devel python3-pip
BuildRequires: systemd
BuildRequires: gnupg2
Requires: libsepol%{?_isa} >= %{libsepolver} pcre2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -103,7 +87,6 @@ The libselinux-static package contains the static libraries
needed for developing SELinux applications.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p 2 -n libselinux-%{version}
%build
@ -177,8 +160,8 @@ rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context
mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon
mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
install -d %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE3 } %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE4 } %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE1 } %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE2 } %{buildroot}%{_mandir}/man8/
rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%ldconfig_scriptlets
@ -193,7 +176,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{_sbindir}/avcstat
%{_sbindir}/getenforce
%{_sbindir}/getpidprevcon
%{_sbindir}/getpolicyload
%{_sbindir}/getsebool
%{_sbindir}/matchpathcon
%{_sbindir}/sefcontext_compile
@ -211,6 +193,8 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{_sbindir}/validatetrans
%{_mandir}/man5/*
%{_mandir}/man8/*
%{_mandir}/ru/man5/*
%{_mandir}/ru/man8/*
%files devel
%{_libdir}/libselinux.so
@ -230,119 +214,27 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{ruby_vendorarchdir}/selinux.so
%changelog
## START: Generated by rpmautospec
* Tue Nov 12 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-5
- setexecfilecon: Remove useless rc check (RHEL-35586)
- matchpathcon: RESOURCE_LEAK: Variable "con" (RHEL-35584)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.7-4
- Bump release for October 2024 mass rebuild (RHEL-64018)
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.7-3.1
- Rebuilt for MSVSphere 10
* Thu Oct 17 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-3.1
- fix swig bindings for 4.3.0
- deprecate security_disable(3)
* Fri Aug 09 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-3
- restorecon: Include <selinux/label.h> (RHEL-53852)
- Fix integer comparison issues when compiling for 32-bit
* Tue Jul 09 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-2
- set free'd data to NULL (#2295428)
* Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
- SELinux userspace 3.7 release
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.6-6
- Bump release for June 2024 mass rebuild
* Mon Apr 01 2024 Christoph Erhardt <fedora@sicherha.de> - 3.6-5
- Drop unused `xz-devel` build dependency
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 03 2024 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.6-2
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.3
* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
- SELinux userspace 3.6 release
* Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
- SELinux userspace 3.6-rc2 release
* Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1
- SELinux userspace 3.6-rc1 release
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 22 2023 Vit Mojzis <vmojzis@redhat.com> - 3.5-4
- Add examples to man pages
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 3.5-3
- Rebuilt for Python 3.12
* Fri May 26 2023 Miro Hrončok <mhroncok@redhat.com> - 3.5-2
- Fix build with pip 23.1.2+
- Fixes: rhbz#2209019
* Fri Feb 24 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
* Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
- SELinux userspace 3.5 release
* Mon Feb 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
* Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
- SELinux userspace 3.5-rc3 release
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-0.rc2.1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
- SELinux userspace 3.5-rc2 release
* Wed Jan 04 2023 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.5-0.rc1.1.1
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2
* Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
* Mon Jan 2 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
- SELinux userspace 3.5-rc1 release
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-6
- Rebase on upstream f56a72ac9e86
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
- Drop SHA-1 from selinux_restorecon.3
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.4-4
- Rebuilt for Python 3.11
* Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
* Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
- Revert "libselinux: restorecon: pin file to avoid TOCTOU issues"
* Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
- rebuilt
* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1
- SELinux userspace 3.4 release
* Tue May 10 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc3.1
- SELinux userspace 3.4-rc3 release
* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
- SELinux userspace 3.4-rc2 release
* Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
- SELinux userspace 3.4-rc1 release
* Thu Jan 27 2022 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.3-4
- F-36: rebuild against ruby31
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Nov 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
- Introduce selinux_restorecon_parallel(3)
@ -355,14 +247,23 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
- SELinux userspace 3.3-rc2 release
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-5
- Rebase on upstream commit 32611aea6543
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 25 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-4
- Use SHA-2 instead of SHA-1 (#1934964)
* Tue May 25 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
- selinux_check_passwd_access_internal(): respect deny_unknown
- Silence -Wstringop-overflow warning from gcc 10.3.1
- Fixed misc compiler and static analyzer findings
* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 3.2-2
- Rebuilt for Python 3.10
* Fri Apr 16 2021 Mohan Boddu <mboddu @redhat.com> - 3.2-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
- SELinux userspace 3.2 release
@ -701,7 +602,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
- Update to upstream
- Update to upstream
* Get rid of security_context_t and fix const declarations.
* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
@ -731,7 +632,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Add ghost flag for /var/run/setrans
* Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1
- Update to upstream
- Update to upstream
* Fix userspace AVC handling of per-domain permissive mode.
- Verify context is not null when passed into *setfilecon_raw
@ -751,12 +652,12 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Remove togglesebool man page
* Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1
- Update to upstream
- Update to upstream
* Remove -lpthread from pkg-config file; it is not required.
- Add support for policy compressed with xv
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
- Update to upstream
- Update to upstream
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* Support overriding Makefile RANLIB from Sven Vermeulen.
* Update pkgconfig definition from Sven Vermeulen.
@ -786,7 +687,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
- Do substitutions on a local sub followed by a dist sub
* Thu Oct 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-20
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek
Resolves #1013801
* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-19
@ -815,7 +716,7 @@ Resolves #1013801
- Add Eric Paris patch to fix procattr calls after a fork.
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12
- Move secolor.conf.5 into mcstrans package and out of libselinux
- Move secolor.conf.5 into mcstrans package and out of libselinux
* Wed Mar 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-11
- Fix python bindings for selinux_check_access
@ -851,7 +752,7 @@ Resolves #1013801
- Revert some changes which are causing the wrong policy version file to be created
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-1
- Update to upstream
- Update to upstream
* audit2why: make sure path is nul terminated
* utils: new file context regex compiler
* label_file: use precompiled filecontext when possible
@ -877,7 +778,7 @@ Resolves #1013801
* unmap file contexts on selabel_close()
* do not leak file contexts with mmap'd backend
* sefcontext_compile: do not leak fd on error
* matchmediacon: do not leak fd
* matchmediacon: do not leak fd
* src/label_android_property: do not leak fd on error
* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20
@ -946,7 +847,7 @@ Resolves #1013801
- Rebuild with fixed libsepol
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
- Update to upstream
- Update to upstream
* Add support for lxc_contexts_path
* utils: add service to getdefaultcon
* libsemanage: do not set soname needlessly
@ -995,7 +896,7 @@ Resolves #1013801
- Revert Eric Paris Patch for selinux_binary_policy_path
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
- Update to upstream
- Update to upstream
* Fortify source now requires all code to be compiled with -O flag
* asprintf return code must be checked
* avc_netlink_recieve handle EINTR
@ -1009,7 +910,7 @@ Resolves #1013801
* additional makefile support for rubywrap
* Mon Jun 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5
- Fix booleans.subs name, change function name to selinux_boolean_sub,
- Fix booleans.subs name, change function name to selinux_boolean_sub,
add man page, minor fixes to the function
* Fri May 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
@ -1025,7 +926,7 @@ Resolves #1013801
- Add support fot boolean subs file
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
- Update to upstream
- Update to upstream
* Fix dead links to www.nsa.gov/selinux
* Remove jump over variable declaration
* Fix old style function definitions
@ -1061,7 +962,7 @@ Resolves #1013801
- Make work with ruby-1.9
* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-7
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather
* Sun Jan 29 2012 Kay Sievers <kay@redhat.com> - 2.1.9-6
- use /sbin/ldconfig, glibc does not provide
@ -1141,7 +1042,7 @@ Resolves #1013801
- Add selinux_check_access function. Needed for passwd, chfn, chsh
* Thu Sep 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
- Handle situation where selinux=0 passed to the kernel and both /selinux and
- Handle situation where selinux=0 passed to the kernel and both /selinux and
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
-Update to upstream
@ -1161,8 +1062,8 @@ Resolves #1013801
- Fix handling of subset labeling that is causing segfault in restorecon
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial
prefixes. Now you can specify a ";" separated list of prefixes and the
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial
prefixes. Now you can specify a ";" separated list of prefixes and the
labeling system will only load regular expressions that match these prefixes.
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
@ -1215,7 +1116,7 @@ labeling system will only load regular expressions that match these prefixes.
* Update man pages for selinux_color_* functions by Richard Haines.
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.102-6
- Only call dups check within selabel/matchpathcon if you are validating the
- Only call dups check within selabel/matchpathcon if you are validating the
context
- This seems to speed the loading of labels by 4 times.
@ -1254,15 +1155,15 @@ context
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-4
Add patch from dbhole@redhat.com to initialize thread keys to -1
Errors were being seen in libpthread/libdl that were related
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
deleted. This is exactly what is happening in case of OpenJDK.
Workaround patch that initializes the key to -1. Thus if the constructor is not
called, the destructor tries to delete key -1 which is deemed invalid by
called, the destructor tries to delete key -1 which is deemed invalid by
pthread_key_delete, and is ignored.
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-3
@ -1285,11 +1186,11 @@ pthread_key_delete, and is ignored.
- Fix Makefile to use pkg-config --cflags python3 to discover include paths
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.98-1
- Update to upstream
- Update to upstream
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
* Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1
- Update to upstream
- Update to upstream
* Thread local storage fixes from Eamon Walsh.
* Sat Dec 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-9
@ -1317,31 +1218,31 @@ pthread_key_delete, and is ignored.
- Turn off messages in audit2why
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-1
- Update to upstream
- Update to upstream
* Add const qualifiers to public API where appropriate by KaiGai Kohei.
2.0.95 2010-06-10
* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
* Adds a chcon method to the libselinux python bindings from Steve Lawrence
- add python3 subpackage from David Malcolm
- add python3 subpackage from David Malcolm
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1
* Set errno=EINVAL for invalid contexts from Dan Walsh.
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1
- Update to upstream
- Update to upstream
* Show strerror for security_getenforce() by Colin Waters.
* Merged selabel database support by KaiGai Kohei.
* Modify netlink socket blocking code by KaiGai Kohei.
* Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1
- Update to upstream
- Update to upstream
* Fix from Eric Paris to fix leak on non-selinux systems.
* regenerate swig wrappers
* pkgconfig fix to respect LIBDIR from Dan Walsh.
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1
- Update to upstream
- Update to upstream
* Change the AVC to only audit the permissions specified by the
policy, excluding any permissions specified via dontaudit or not
specified via auditallow.
@ -1360,7 +1261,7 @@ pthread_key_delete, and is ignored.
- Free memory on disabled selinux boxes
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.90-1
- Update to upstream
- Update to upstream
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>
@ -1368,15 +1269,15 @@ pthread_key_delete, and is ignored.
- Fix selinuxdefcon man page
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.89-1
- Update to upstream
- Update to upstream
* Add pkgconfig file from Eamon Walsh.
* Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.88-1
- Update to upstream
- Update to upstream
* Rename and export selinux_reset_config()
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.87-1
- Update to upstream
- Update to upstream
* Add exception handling in libselinux from Dan Walsh. This uses a
shell script called exception.sh to generate a swig interface file.
* make swigify
@ -1386,14 +1287,14 @@ pthread_key_delete, and is ignored.
- Eliminate -pthread switch in Makefile
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.86-1
- Update to upstream
- Update to upstream
* Removal of reference counting on userspace AVC SID's.
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.85-1
- Update to upstream
- Update to upstream
* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
pthread dependency.
* Removed fini_context_translations() altogether.
@ -1401,7 +1302,7 @@ pthread_key_delete, and is ignored.
by Steve Grubb.
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1
- Update to upstream
- Update to upstream
* Add per-service seuser support from Dan Walsh.
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
@ -1411,20 +1312,20 @@ pthread_key_delete, and is ignored.
- Add provices ruby(selinux)
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-1
- Update to upstream
- Update to upstream
* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
* Label substitution support from Dan Walsh.
* Support for labeling virtual machine images from Dan Walsh.
* Mon May 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.81-1
- Update to upstream
- Update to upstream
* Trim / from the end of input paths to matchpathcon from Dan Walsh.
* Fix leak in process_line in label_file.c from Hiroshi Shinji.
* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.80-1
- Update to upstream
- Update to upstream
* deny_unknown wrapper function from KaiGai Kohei.
* security_compute_av_flags API from KaiGai Kohei.
* Netlink socket management and callbacks from KaiGai Kohei.
@ -1442,22 +1343,22 @@ pthread_key_delete, and is ignored.
- Add back in av_decision to python swig
* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-1
- Update to upstream
- Update to upstream
* Netlink socket handoff patch from Adam Jackson.
* AVC caching of compute_create results by Eric Paris.
* Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-5
- Add patch from ajax to accellerate X SELinux
- Add patch from ajax to accellerate X SELinux
- Update eparis patch
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-4
- Add eparis patch to accellerate Xwindows performance
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-3
- Fix URL
- Fix URL
* Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-2
- Add substitute pattern
- Add substitute pattern
- matchpathcon output <<none>> on ENOENT
* Mon Mar 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-1
@ -1468,7 +1369,7 @@ pthread_key_delete, and is ignored.
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-5
- Add
- Add
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
@ -1515,7 +1416,7 @@ pthread_key_delete, and is ignored.
* Update flask headers from refpolicy trunk from Dan Walsh.
* Fri Sep 26 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-6
- Fix matchpathcon -V call
- Fix matchpathcon -V call
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-5
- Add flask definitions for open, X and nlmsg_tty_audit
@ -1675,7 +1576,7 @@ pthread_key_delete, and is ignored.
- smp_mflag
* Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-2
- Fix spec file caused by spec review
- Fix spec file caused by spec review
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
- Upgrade to upstream
@ -1717,7 +1618,7 @@ pthread_key_delete, and is ignored.
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1
- Upgrade to upstream
* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
* Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.34-3
- Add sparc patch to from Dennis Gilmore to build on Sparc platform
@ -1749,7 +1650,7 @@ pthread_key_delete, and is ignored.
* Fix file_contexts.homedirs path from Todd Miller.
* Tue Aug 21 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-2
- Remove requirement on setransd, Moved to selinux-policy-mls
- Remove requirement on setransd, Moved to selinux-policy-mls
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1
- Move libselinux.so into devel package
@ -1761,7 +1662,7 @@ pthread_key_delete, and is ignored.
* Fri Aug 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.29-1
- Upgrade to upstream
* Updated version for stable branch.
* Updated version for stable branch.
* Added x_contexts path function patch from Eamon Walsh.
* Fix build for EMBEDDED=y from Yuichi Nakamura.
* Fix markup problems in selinux man pages from Dan Walsh.
@ -1882,13 +1783,13 @@ pthread_key_delete, and is ignored.
of the use of the non-standard format (original patch changed
for style).
- Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
- Add context function to python to split context into 4 parts
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-1
- Upgrade to upstream
* Updated version for stable branch.
* Updated version for stable branch.
* Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.6-1
- Upgrade to upstream
@ -2009,8 +1910,8 @@ Resolves: #200110
- only build non-fpic objects with -mno-tls-direct-seg-refs
* Tue Aug 1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-4
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering
segfaults with xen (#200783)
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering
segfaults with xen (#200783)
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-3
- Rebuild for new gcc
@ -2062,7 +1963,7 @@ Resolves: #200110
- Check for selinux_mnt == NULL
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
- Merged matchmediacon and trans_to_raw_context fixes from
- Merged matchmediacon and trans_to_raw_context fixes from
Serge Hallyn.
* Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4
@ -2106,7 +2007,7 @@ Resolves: #200110
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
- Upgrade to latest from NSA
* Merged fix warnings patch from Karl MacMillan.
* Merged fix warnings patch from Karl MacMillan.
* Merged setrans client support from Dan Walsh.
This removes use of libsetrans.
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
@ -2198,7 +2099,7 @@ Resolves: #200110
allocated by libsetrans.
* Sun Dec 11 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-3
- update to latest libsetrans
- update to latest libsetrans
- Fix potential memory leak
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
@ -2333,7 +2234,7 @@ Resolves: #200110
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
- Update to latest from NSA
* Changed getseuserbyname to fall back to the Linux username and
NULL level if seusers config file doesn't exist unless
NULL level if seusers config file doesn't exist unless
REQUIRESEUSERS=1 is set in /etc/selinux/config.
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
@ -2341,7 +2242,7 @@ Resolves: #200110
- Update to latest from NSA
* Added selinux_init_load_policy() function as an even higher level
interface for the initial policy load by /sbin/init. This obsoletes
the load_policy() function in the sysvinit-selinux.patch.
the load_policy() function in the sysvinit-selinux.patch.
* Added selinux_mkload_policy() function as a higher level interface
for loading policy than the security_load_policy() interface.
@ -2399,7 +2300,7 @@ Resolves: #200110
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1
- Update from NSA
* Hid translation-related symbols entirely and ensured that
* Hid translation-related symbols entirely and ensured that
raw functions have hidden definitions for internal use.
* Allowed setting NULL via context_set* functions.
* Allowed whitespace in MLS component of context.
@ -2423,7 +2324,7 @@ Resolves: #200110
code from Serge Hallyn (IBM). Bugs found by Coverity.
* Removed setupns; migrated to pam.
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
Original symbol is temporarily retained for compatibility until
Original symbol is temporarily retained for compatibility until
all callers are updated.
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.24.2-1
@ -2437,9 +2338,9 @@ Resolves: #200110
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
- Update from NSA
* Merged avcstat and selinux man page from Dan Walsh.
* Changed security_load_booleans to process booleans.local
* Changed security_load_booleans to process booleans.local
even if booleans file doesn't exist.
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
- Fix avcstat to clear totals
@ -2491,7 +2392,7 @@ Resolves: #200110
- Update from NSA
* Added set_matchpathcon_flags() function for setting flags
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
means only process the base file_contexts file, not
means only process the base file_contexts file, not
file_contexts.homedirs or file_contexts.local, and is for use by
setfiles -c.
* Updated matchpathcon.3 man page.
@ -2579,7 +2480,7 @@ Resolves: #200110
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.4-1
- Update to latest from upstream
* Changed matchpathcon to return -1 with errno ENOENT for
* Changed matchpathcon to return -1 with errno ENOENT for
<<none>> entries, and also for an empty file_contexts configuration.
* Tue Dec 28 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-3
@ -2611,7 +2512,7 @@ Resolves: #200110
- Update from upstream, fix setsebool -P segfault
* Fri Nov 5 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-5
- Add a patch from upstream. Fixes signed/unsigned issues, and
- Add a patch from upstream. Fixes signed/unsigned issues, and
incomplete structure copy.
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-4
@ -2683,11 +2584,11 @@ Resolves: #200110
* Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1
- Update from NSA
* Added set_matchpathcon_printf.
* Added set_matchpathcon_printf.
* Wed Sep 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
- Update from NSA
* Reworked av_inherit.h to allow easier re-use by kernel.
* Reworked av_inherit.h to allow easier re-use by kernel.
* Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
- Add strcasecmp in selinux_config
@ -2812,11 +2713,11 @@ Resolves: #200110
- Update with latest from NSA
* Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1
- Add changes for relaxed policy
- Update to match NSA
- Add changes for relaxed policy
- Update to match NSA
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1
- Add relaxed policy changes
- Add relaxed policy changes
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
- Sync with NSA
@ -2889,7 +2790,7 @@ Resolves: #200110
- Add mntpoint patch for SysVinit
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Add -r -u -t to getcon
- Add -r -u -t to getcon
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
- Upgrade to latest from NSA
@ -2929,5 +2830,3 @@ Resolves: #200110
* Tue May 27 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version
## END: Generated by rpmautospec