rpms
/
libsepol
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:cs10
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
..
compare: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'cs10' and 'c9' have entirely different histories.
cs10 ... c9

12 changed files with 116 additions and 828 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/libsepol-3.7.tar.gz SOURCES/libsepol-3.5.tar.gz

2
.libsepol.metadata
Unescape View File

@ -1 +1 @@
f066bfde61962db11aa025366204c7364702e223 SOURCES/libsepol-3.7.tar.gz 3089ffd091af5a284a230daf77192fccb0695c30 SOURCES/libsepol-3.5.tar.gz

43
SOURCES/0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch
Unescape View File

@ -0,0 +1,43 @@
From 923849fa1cc36580086be542036c4935d7cbfe1c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 23 May 2022 12:25:58 +0200
Subject: [PATCH] libsepol: Bring back POLICYDB_CAPABILITY_* constants
Content-type: text/plain
They were removed by the commit 0d84ebcbc475d ("libsepol: Shorten the
policy capability enum names") but they might be used somewhere in code
deployed on RHEL 9.0
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsepol/include/sepol/policydb/polcaps.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
index f5e32e60975d..e568733b3a33 100644
--- a/libsepol/include/sepol/policydb/polcaps.h
+++ b/libsepol/include/sepol/policydb/polcaps.h
@@ -19,6 +19,20 @@ enum {
};
#define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
+/* legacy constants from past to preserve backward compatibility */
+enum {
+ POLICYDB_CAPABILITY_NETPEER = POLICYDB_CAP_NETPEER,
+ POLICYDB_CAPABILITY_OPENPERM = POLICYDB_CAP_OPENPERM,
+ POLICYDB_CAPABILITY_EXTSOCKCLASS = POLICYDB_CAP_EXTSOCKCLASS,
+ POLICYDB_CAPABILITY_ALWAYSNETWORK = POLICYDB_CAP_ALWAYSNETWORK,
+ POLICYDB_CAPABILITY_CGROUPSECLABEL = POLICYDB_CAP_CGROUPSECLABEL,
+ POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION = POLICYDB_CAP_NNP_NOSUID_TRANSITION,
+ POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS = POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS,
+ POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC = POLICYDB_CAP_IOCTL_SKIP_CLOEXEC,
+ __POLICYDB_CAPABILITY_MAX = __POLICYDB_CAP_MAX
+};
+#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAP_MAX - 1)
+
/* Convert a capability name to number. */
extern int sepol_polcap_getnum(const char *name);
--
2.39.0

51
SOURCES/0001-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch
Unescape View File

@ -1,51 +0,0 @@
From 453d54da10a96e1494ef8aea867f6c9eb8751677 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 19 Jul 2024 18:17:13 +0200
Subject: [PATCH] libsepol/sepol_compute_sid: Do not destroy uninitialized
context
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Avoid context_destroy() on "newcontext" before context_init() is called.
Fixes:
libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer.
libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy".
\# 1460| rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid);
\# 1461| out:
\# 1462|-> context_destroy(&newcontext);
\# 1463| return rc;
\# 1464| }
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Reviewed-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libsepol/src/services.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 36e2368f..f3231f17 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1362,14 +1362,12 @@ static int sepol_compute_sid(sepol_security_id_t ssid,
scontext = sepol_sidtab_search(sidtab, ssid);
if (!scontext) {
ERR(NULL, "unrecognized SID %d", ssid);
- rc = -EINVAL;
- goto out;
+ return -EINVAL;
}
tcontext = sepol_sidtab_search(sidtab, tsid);
if (!tcontext) {
ERR(NULL, "unrecognized SID %d", tsid);
- rc = -EINVAL;
- goto out;
+ return -EINVAL;
}
if (tclass && tclass <= policydb->p_classes.nprim)
--
2.45.2

40
SOURCES/0002-libsepol-cil-Check-that-sym_index-is-within-bounds.patch
Unescape View File

@ -1,40 +0,0 @@
From d045edd5298a75284ce1cc289d039cce8b7a24ae Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 23 Jul 2024 16:41:57 +0200
Subject: [PATCH] libsepol/cil: Check that sym_index is within bounds
Make sure sym_index is within the bounds of symtab array before using it
to index the array.
Fixes:
Error: OVERRUN (CWE-119):
libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: "sym_index" = "CIL_SYM_UNKNOWN".
libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument "sym_index" (which evaluates to 20) in call to "cil_resolve_name".
\# 3187| switch (curr->flavor) {
\# 3188| case CIL_STRING:
\# 3189|-> rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum);
\# 3190| if (rc != SEPOL_OK) {
\# 3191| goto exit;
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_resolve_ast.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 427a320c..da8863c4 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -4291,7 +4291,7 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en
int rc = SEPOL_ERR;
struct cil_tree_node *node = NULL;
- if (name == NULL) {
+ if (name == NULL || sym_index >= CIL_SYM_NUM) {
cil_log(CIL_ERR, "Invalid call to cil_resolve_name\n");
goto exit;
}
--
2.47.0

81
SOURCES/0003-libsepol-cil-Initialize-avtab_datum-on-declaration.patch
Unescape View File

@ -1,81 +0,0 @@
From b332edfc248f7c5bcf651be033e2f06aa5959776 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 23 Oct 2024 15:43:15 +0200
Subject: [PATCH] libsepol/cil: Initialize avtab_datum on declaration
avtab_datum.xperms was not always initialized before being used.
Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_binary.c:977:2: var_decl: Declaring variable "avtab_datum" without initializer.
libsepol-3.7/cil/src/cil_binary.c:1059:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
\# 1057| }
\# 1058| }
\# 1059|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
\# 1060| }
Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_binary.c:1348:2: var_decl: Declaring variable "avtab_datum" without initializer.
libsepol-3.7/cil/src/cil_binary.c:1384:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
\# 1382| } else {
\# 1383| avtab_datum.data = data;
\# 1384|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
\# 1385| }
\# 1386|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_binary.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index c8144a5a..66c461eb 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -974,7 +974,7 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
{
int rc = SEPOL_OK;
avtab_key_t avtab_key;
- avtab_datum_t avtab_datum;
+ avtab_datum_t avtab_datum = { .data = res, .xperms = NULL };
avtab_ptr_t existing;
avtab_key.source_type = src;
@@ -996,8 +996,6 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
goto exit;
}
- avtab_datum.data = res;
-
existing = avtab_search_node(&pdb->te_avtab, &avtab_key);
if (existing) {
/* Don't add duplicate type rule and warn if they conflict.
@@ -1345,7 +1343,7 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
{
int rc = SEPOL_OK;
avtab_key_t avtab_key;
- avtab_datum_t avtab_datum;
+ avtab_datum_t avtab_datum = { .data = data, .xperms = NULL };
avtab_datum_t *avtab_dup = NULL;
avtab_key.source_type = src;
@@ -1371,7 +1369,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
if (!cond_node) {
avtab_dup = avtab_search(&pdb->te_avtab, &avtab_key);
if (!avtab_dup) {
- avtab_datum.data = data;
rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
} else {
if (kind == CIL_AVRULE_DONTAUDIT)
@@ -1380,7 +1377,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
avtab_dup->data |= data;
}
} else {
- avtab_datum.data = data;
rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
}
--
2.47.0

74
SOURCES/0004-libsepol-mls-Do-not-destroy-context-on-memory-error.patch
Unescape View File

@ -1,74 +0,0 @@
From a67e7419e09e8954dd8d96baaab9ee663a00990c Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 23 Oct 2024 15:43:16 +0200
Subject: [PATCH] libsepol/mls: Do not destroy context on memory error
In case of malloc error, ctx1, or ctx2 may be pointing to uninitialized
space and context_destroy should not be used on it.
Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/src/mls.c:673:2: alloc_fn: Calling "malloc" which returns uninitialized memory.
libsepol-3.7/src/mls.c:673:2: assign: Assigning: "ctx1" = "malloc(64UL)", which points to uninitialized data.
libsepol-3.7/src/mls.c:699:2: uninit_use_in_call: Using uninitialized value "ctx1->range.level[0].cat.node" when calling "context_destroy".
\# 697| ERR(handle, "could not check if mls context %s contains %s",
\# 698| mls1, mls2);
\# 699|-> context_destroy(ctx1);
\# 700| context_destroy(ctx2);
\# 701| free(ctx1);
Error: UNINIT (CWE-457):
libsepol-3.7/src/mls.c:674:2: alloc_fn: Calling "malloc" which returns uninitialized memory.
libsepol-3.7/src/mls.c:674:2: assign: Assigning: "ctx2" = "malloc(64UL)", which points to uninitialized data.
libsepol-3.7/src/mls.c:700:2: uninit_use_in_call: Using uninitialized value "ctx2->range.level[0].cat.node" when calling "context_destroy".
\# 698| mls1, mls2);
\# 699| context_destroy(ctx1);
\# 700|-> context_destroy(ctx2);
\# 701| free(ctx1);
\# 702| free(ctx2);
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/src/mls.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c
index 45db8920..a37405d1 100644
--- a/libsepol/src/mls.c
+++ b/libsepol/src/mls.c
@@ -672,8 +672,10 @@ int sepol_mls_contains(sepol_handle_t * handle,
context_struct_t *ctx1 = NULL, *ctx2 = NULL;
ctx1 = malloc(sizeof(context_struct_t));
ctx2 = malloc(sizeof(context_struct_t));
- if (ctx1 == NULL || ctx2 == NULL)
+ if (ctx1 == NULL || ctx2 == NULL){
+ ERR(handle, "out of memory");
goto omem;
+ }
context_init(ctx1);
context_init(ctx2);
@@ -690,16 +692,14 @@ int sepol_mls_contains(sepol_handle_t * handle,
free(ctx2);
return STATUS_SUCCESS;
- omem:
- ERR(handle, "out of memory");
-
err:
- ERR(handle, "could not check if mls context %s contains %s",
- mls1, mls2);
context_destroy(ctx1);
context_destroy(ctx2);
+ omem:
free(ctx1);
free(ctx2);
+ ERR(handle, "could not check if mls context %s contains %s",
+ mls1, mls2);
return STATUS_ERR;
}
--
2.47.0

40
SOURCES/0005-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch
Unescape View File

@ -1,40 +0,0 @@
From 77e225361129f02d379e930859406a61420836d7 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 23 Oct 2024 15:43:17 +0200
Subject: [PATCH] libsepol/cil/cil_post: Initialize tmp on declaration
tmp.node was not always initialized before being used by
ebitmap_destroy.
Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_post.c:1309:2: var_decl: Declaring variable "tmp" without initializer.
libsepol-3.7/cil/src/cil_post.c:1382:6: uninit_use_in_call: Using uninitialized value "tmp.node" when calling "ebitmap_destroy".
\# 1380| if (rc != SEPOL_OK) {
\# 1381| cil_log(CIL_INFO, "Failed to apply operator to bitmaps\n");
\# 1382|-> ebitmap_destroy(&tmp);
\# 1383| goto exit;
\# 1384| }
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_post.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index ac99997f..d63a5496 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -1315,6 +1315,8 @@ static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max,
curr = expr->head;
flavor = expr->flavor;
+ ebitmap_init(&tmp);
+
if (curr->flavor == CIL_OP) {
enum cil_flavor op = (enum cil_flavor)(uintptr_t)curr->data;
--
2.47.0

63
SOURCES/0006-libsepol-Initialize-strs-on-declaration.patch
Unescape View File

@ -1,63 +0,0 @@
From 49926e313ca995ae72d5b6bd82f3f5bbbe5ba0df Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 23 Oct 2024 15:43:18 +0200
Subject: [PATCH] libsepol: Initialize "strs" on declaration
The value of "strs" was not always initialized before being used by
strs_destroy.
Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/src/kernel_to_cil.c:1439:2: var_decl: Declaring variable "strs" without initializer.
libsepol-3.7/src/kernel_to_cil.c:1487:2: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy".
\# 1485|
\# 1486| exit:
\# 1487|-> strs_destroy(&strs);
\# 1488|
\# 1489| if (rc != 0) {
Error: UNINIT (CWE-457):
libsepol-3.7/src/kernel_to_conf.c:1422:2: var_decl: Declaring variable "strs" without initializer.
libsepol-3.7/src/kernel_to_conf.c:1461:2: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy".
\# 1459|
\# 1460| exit:
\# 1461|-> strs_destroy(&strs);
\# 1462|
\# 1463| if (rc != 0) {
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/src/kernel_to_cil.c | 2 +-
libsepol/src/kernel_to_conf.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index f94cb245..9c2690be 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -1436,7 +1436,7 @@ static int map_type_aliases_to_strs(char *key, void *data, void *args)
static int write_type_alias_rules_to_cil(FILE *out, struct policydb *pdb)
{
type_datum_t *alias;
- struct strs *strs;
+ struct strs *strs = NULL;
char *name;
char *type;
unsigned i, num = 0;
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index ca91ffae..661546af 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -1419,7 +1419,7 @@ static int map_type_aliases_to_strs(char *key, void *data, void *args)
static int write_type_alias_rules_to_conf(FILE *out, struct policydb *pdb)
{
type_datum_t *alias;
- struct strs *strs;
+ struct strs *strs = NULL;
char *name;
char *type;
unsigned i, num = 0;
--
2.47.0

321
SOURCES/bachradsusi.gpg
Unescape View File

@ -1,321 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno
qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A
vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3
K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU
lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw
CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K
AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et
3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi
kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX
TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW
Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB
tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6JAjgEEwECACIF
Ak97JQcCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGOorUuYLENzy1MP
/2c4fH8eXWbqoot/vLE+hJ14k0leYOQhVSo4lNlxRlbKNd5MQSX/QjkQgJNECbB3
LM0KxE/zwVOZ+umvmxLxNskOxjubE6NzoF7Sm9ydoqjwzenIpR9BVtg71mfjBOoL
PNrst7tHRE5btSnnnOS9ddt/y9JOIvQpkjtBTI2TfVcp2b4Domg7i4qU/hJ7hu45
5oAi6rPPkr0pcGiDKTqi46l7+9orsj9Mxs1XTmrTMMB/eV6PCU7Fo4WJNXS8SXd3
sEVxXvpyYjUTTnDuewjT1q8NL7anrsckS16WYSVGKzRhqtP1Vudt1F/D5cWKVqQp
vQl/XW/uQS2IsgEWsbRmIAEZIUOy4TnuF494C/A+1BbJBdUr4Nl9zPH2bjrJeqYk
TsvGQr1icgO4pUg5oC456htkqCxCuPRqqrGDAZBx54TldgPwvCo31+aPQJlOlWvI
uWD/depp0De3oTK9FDnHh3swE0vyn4Ht96+vM+KNnDYgJ1FEaw1efYePFACobvEB
o2ZpLbnDyqAT4MzfHpHSbwzUOk52ZOnkl/KrUIOxhXtf4dxRS6J70Rzb+HWS3rY/
LgaMO5Q0BJfbvknguKmE8dO8jx0pTlVER9ujqp+bVPXmFMha1j8vyGhJ3eLJZaRL
k3jgfRjiUUb4lNp+hXpvBwIYeFWl5kFVKg2aPywgnnFWiEYEExECAAYFAlBq4WgA
CgkQ4J/vJdlkhKxmjQCfevlawFaGTx58nDFN+4j/2U6uaGcAn2g1sZcTUrEEYHdL
byAyw1GNLksOiF4EEBEIAAYFAk99mCMACgkQ/2iSBAM3HxDivAD+Lu8U54iGgL5+
h9KpeV+ZlHgIpj4cD+BVL85L6AQ3GP0A/1TwZ1tS6Ag3ut2G6AL2wewR3v9Mgu68
E0M5esz5of4oiQEcBBMBAgAGBQJPh9ZuAAoJEBliWhMliBCHMSUH/30V/E930OTT
oWeq+QKkTJuMF0lrA5NaAy+xWtrynMKoiAuM0KFNGPfrPehkoxR4D+MKXH+xh0j2
bHl6fXOHJCKZLhCtsC/o8j7kkjIJjixBlwYMul21rxecke7Zt4XpxHARJx4208Lk
ztpzOd7ZnDP6KYav3itpxK8Eyj4g8N2omoTQ2Dcd+sCa0jgRkyskpPxdt0fK0D04
XW7b1LZkxwzwrAGSpjAZVzpKBXANcSmUQDAaIhGvYSKoiwVe2eaE5lUmvAaJQaTr
Ud/LCIwFofTLSaBRX8fEOe+UwvW36VtynPyETyROeTMp//Cm5e2CQVPoDv79soyi
E/oUW9DFDhCJARwEEwECAAYFAk+Oe6EACgkQlGXZM5TcxIlIRwf/VjfbN3eVf648
vXvDctsXfucl37i6Yue2COJiGYuZOrN7wYxVvH2to8P3V53YV9OqDpJl2NXUro1V
iUjFHuIKp23VbtyBAYsrLeTMmHLjnXlaUPSr6JUDHUQhCF34BTk17e9y7tXlEshF
YVyPlGum7JhyarHB2rRdjQk8kyTqmQ4yHjw/nP/HlvVxdgb+mTmudTPVBafOT1R9
MJ/SN2x4bclT4cQ0hjNEy/TsFzVduQj8yNOMFG9r6p1Vb+u1wn3BTANIh55R9aDh
3JFFIV/jBTkxukxR5iyGQiR53nl0e0qnQFxpfhFGclh0RktjrHZ3DBAzcuYXp540
Vu9aq9QuPIkCHAQQAQIABgUCT4bdRgAKCRDCPZG7HYJE34FtEACfqPwWSItk1lNX
E0HOM1YuHXFfMGURF1AotskJatwtjGy9oDUQkjfsPROnWjgH9s0xD2UmlTrjJfWi
BdH0kTLiExVUOmvnM9VFMRhYxQZMwiHecm4FZ5IWUz4e05oGCkHFbMswXEoEG+qq
btOfLNpX67yy/JM6We+8PiXV/c2vaErpH5S8YChb5wD9lEWNM2aPBOUmbzONM1/f
EFd8AF6fUVYN7htuyG1n5zTv+oowmO2c0terJRGmMgVuLugIEnKKhaQ+H1K6bdZJ
7mX4xxx5izEyYeYhi9DhBHSwCLhWR+Yilqkc5U0nrF+3Z+Cb9THHppi071OIQ7pX
rGsQSpDzGRXCw0nKEBm0Li13re8cOoHMlPD0RHWZEIRZGSYX1YKBtVuv4kpSq8GN
85lZSDKGRNtbJBS7Qj4vyOlOrBO1eyyd4lepQCe2Ri3gU97rek52tOM+fAIibz7V
b4a0qbbphrz6PVMbDGiBxM92+YpdDyZGyL7wJ4g6DhRRcEUQahlZ1n7y+YQ60ETs
zt7+kD08Zi2BoJpiMHsFfoas2pot7VePFxGutwvq0p+OHSVlwkLgOaORPHumLA8u
J3BGlJTHsErUB2EEgdc/Tv1vsZzEI3Zi+hqw1gcbke21Ii8aDfshbeKW9hYJAhnW
m8VdF3n80UX5Eg56iybrLCjEyiAEYYkCHAQQAQIABgUCT7yYRAAKCRBOBfZjp6Qb
nnyTD/4gVbq8H5ka7fVdSAnX65/kFn5xkqGzbpCkjcqe/5uI2CvdYtjeQ4K6sm7I
5RLoyu/EE/JPbCRHiucsEak42WAZSRte/Wn2yTQpIb0mQ0wXJvuM+Hx7DSx2R12P
9rIZ4mGo/rEtdG7Y9Vog9M/XGx7w5IqSw2DF2yiYQJXsOzHjphfYB8JfoqjW/73k
n4E2IRJtCuWhfiJZJ+GEGceSBIredH3o01ThtbAeh/gzPRF3FU1361zyA1sXtmGe
qwnhNL1spHRlpub3cvAXQ8RSYrNdiFZB5zohNt+iL+qzVWaUJo+vYZal1Co5/roI
HN5nJef8kp1ngaYKvf1hIVvsdQsilVQIXKFWMd47aU6W8gPr1W2+U4yw+q+OXari
eo7gpH7/OvMSe/3wOhGVD8KJrMwAVnr3M4wo2CM6zlwxPGdltQI+IxDD8NTGTmNT
rRARYRQaFQyqd1SrVt4sSkeoegrpOG4oWXya/v4SeXHD4vt8vvvX3A4szB73a355
IfbyRXDER3EfFfW5c+BnR3bxhfATTE6T0AKz1Gq30Xm2ycTGYCAZ2yBKewaegTpx
3O/E6APTXUnVWTIPQay8T4iVUiLFs7W1UFMY/RvmIvKKFIQWcm5O0L+27PJK+YSx
Uoo1Ivt1pclTuetbRbN8VnR3K9Pp5uZ4KLz6ZkffmJg2sOSu74kCHAQSAQgABgUC
WWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0nr47rA12X6dJ6+KIBE+XB
QxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVdzvUa1m2yeNCFHOTjln6Q
GjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaqZt38I2u0Pi+/qHDt0kLy
RSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk2HUerg8VCAyQrxYtZtHc
coyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROFm257MiH6gvG/V8CTrJfz
lpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erxe+biBauFErYQPw3bg6xL
1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZRHwRUPGRN07SbbEO1lDk5
uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4V9d4uVDX3SsktOLMvtWg
nL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zjq5eqotVq90HMBO9kqcjC
YsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBprk5DSjD7F0/wnQPoq8PY
HIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ8fvo6B91COe9jTF/H/i3
A7NjR4kCHAQTAQgABgUCUQZ8hwAKCRDZsFd72T6Y/MoUD/9xxmXbPL2Zto6qECXs
Q1GFuydiYlURxDsVUiuc1tSgEoDb8XcXl37l/IKX1QmcpvHMPzeT0g8sNwIXSnL6
BNCnFcfrd0tEz8uBPxVnzMiGwaHP1kB6Vs6sNV31+CJcTz8BHHbOdXZnhHqXSb02
SonqAYeWVSlE08Ejvq0HIWRn6NIGdGqv6icBExryJjS3ZChRFpvgAJwsVO5f6BKH
oZnEn79uQR4XPHwuxRbm4hf6iYEbOhE7Hod6kTzS9vYIhyuTFTz5Kz/YxlMoZX/j
TIYsX0nZ3r+Tshur8iUXJhKvvXVlGyrGO2HXfEuIpJqEx4/qM9jUNP0EE7aPzZ6f
BP7Xq49Dx9lnZuSQ1jeXxEEpO+AND2xmnjCHr3EfgYZrrhCSxMQhvJh7wypkzu30
D41BHPOPSotmM7WLceHWmYui0Wuq9X2hom5jq11XwACEtmNiP/odXjF0ovfK0d8l
j/kivgrXAZdN/ONJapVSLkRMS71S6eln+urR9HfswEfM7IPt0cRwN1oNIhXmK14+
XBWvvwvalfuxG2UfxD8K0JXMwARlpGlV8lXpuzDV8EcrvLipKpqiQWaJer64kaQb
8qHEtT6+JNoGkymohrfeVagxKmPzDWR4v1a9lgZwY1FTRHNVPM0P8LWlN9q0CrYc
poBwkhTMV1YJ1OBSrkM9IM2vsokCMwQTAQgAHRYhBGMZHOlBgwmGicq4237xN+yT
Ww6vBQJjLRkzAAoJEH7xN+yTWw6vZSYP/36Bt4QhRtIh6HPWbHraFSl4omnuISu6
lTHsqhik81nbIUiLZ5e/KN6ONSgD2jfMVQOLiPTQFOoxVZvOjaHmHvMuF7BCbr90
Afh1qXW9txuPbVkhtC6hqIMn87b8UHEnt1l5MiafQnPHhoociqaqwfls/iu0nJGu
Jf5eVMXpdeWRk+ckGkqP+tXp/0G933jibSdYqwG1Tsw9D98xnGV3a/+zIqRtJflp
HPEjHPT6rVKAZxk7gkYSSsv6ONBwZHqwe9W1I+U4t6OPkGo5kNbMPBORB6/7B2Qo
LHx3+KYZs1j6glI+F/8IX2+JSFs07saMnsDhE7w5FzmwWV2JcUt42RSf8DVub438
jgA/Ht5yPROEJ87de78aD/t/gPq/Gm3bnUz1BW0jxBidjqg1qPOMYjC7n4dH8X0N
cRfX6tWOdSXmDBbPg/vQi6CEIhsGVisKlnrgYi1wDZExU6UVMnBNvllUu9PXye+7
51cIbrb+fwAWiwmu+AsL0qsjxZYo+9ozOLh9wLUhxOY5MZM82alN/mlUGzEiXN3R
i7D3rDrNFHdI4LGGLbO2hjPYrG4hdNHS+6WbU6qYcpBEhrqBtnUjoVqIKP2boBLR
ara7hHqVO120s8kgGtf/AoYpggD0H4qqUy4EFNjVdcL5T08w6ldQIYo7CEa1iHFt
ML4bsPcJh8lciQIzBBIBCAAdFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAmMsvIwA
CgkQVeRaWujKfIqNXA//fjCpyIPPd6RnJhagWH8XCp5NB4cCT+LqAIR5yZfz1QE8
Qbzpoobz9ysgXZ5XjLp/lbVffGyg986j0wUtSW1+g3kJcYXBUKjSWoBwwmZgyZky
95U+uklY8CdPjSeuzr2I5X/LogHNH1378d9aEmQXBfX1uW5g4Aqgnl0OOgkCVzgs
FFOO2o1j6svrrDVG52/mwXhNRm0yYK/hFB8T3PO2IvMQGDGJLHl6N5Kl7P2jtkyF
Isi4AEzJeop/2GJYXQ+VkUTSNRKQj8oOS5qe9/0RkF9uqeamoc81n2But8MZN2fv
R7ug2EuG2LHp9/pwu5ekohXmY8EtMbVbU7TYKgduK0FMBaK36jXN4Bapakfxr1z5
pwdDjN4QiqUefBQlG1CJ6fGrqbdAupzRRDqN974rs5HafnbxioYRYjoo4H0zC8XN
UwgmA2wrwIIY/cyNCSnUuT8yVAnroPiFgmMoL8RM7C5pHQYh0u3fXPfvNBswjXmR
pJ6mhTqG6SS4qIaPhqoZqA1iyA6+Ua3YLBDT5wqvuqNMnfLtLUvMuridmlj97cRc
srQIr022NdpafDQVAiVhZO0CRyFd/++XT35iiDoiv20+LewC0VVza466AE1fkAme
rKlurlET8U/+U0JB6IP77ErjMgCzotV8e1DJkp/M37nMeNzazAb//ovsdkNM6P6J
AjMEEwEIAB0WIQRFaBEoRJtl+IDGF5c6hKlGtLpirgUCYy3RvAAKCRA6hKlGtLpi
rvhHD/99Lvgf+CjbhwC87CoKX84MyAyBlYACCSuySQBnEsVigz8sCVyTYDx52h1h
/SEj7XfTylAfIl1CjUedH4w3hk+7IN4scmhf5eeEMvQd8q+Q/hWQcXIUpwgKOcVD
NbUgYcbakJAPtilK1CeQvDdBD+aYoMsJTsII/f7FJzwjPM1XGf5EoODUC8BtQf/W
KAVoESwwAUwN6Y5XeYSwMqu1s7IHs3yNYLV8C6A7EQPVaVVlORqI+33rKyqAhK5X
ErNvAREQPYJMfRnQlIW7alSORwdG0JBgVLgV+jvoFo4a1AQImHDDtKxs2X5BCVG1
I687uYDBy5Assl/VxRMIUpx5+zWvXyDZX/6nlL7AMokTlyosgP4iiifBS+5KMhan
phMgnDXYIJE10V46Bdw2tjd7wMKey6BcKgfbZSvU5z+SuVnQXCyl3/blRML54I5o
EomXPg6lgVxSb6BBnaJXzx4JKgLer5uom1OGsLgPMqEHRoO3bucr2xFdtq1Zegw4
9S3qDhQ3bn8pg9JlYwmAAhBd3Xy5cPv01mV6ompOQ38SlMCJzcAGASdMw5scaxUl
7MloV2Nl32HIzPjK47bF7aVOFX7Tz+rEFLmJCchqmUSdxi42rJyHKVRqiAlNfZ9S
9FeaEfU+vBxOHsLNqVO7ErvrTafT5fjphZqvUTqZGCUiJUjPnYkCMwQTAQgAHRYh
BOJeJUyO5NMDVUv1r+xwGh2klMXrBQJjL1NOAAoJEOxwGh2klMXrYaIP/ifHM9eU
UT6JD0m6Oa3P3T161NhOvNqr71LDSztClsWo3XX0+ZK3wpjoC6vKqgx0Cc8OL1S2
GqwCaxb5JqWpsoqR3NW6bTqTTUGREj/e0JHDeBzv57OEUTe4ea7qzqjhCX6iyzHa
qDP9fiAogMQ7uT2oCghDV5yo4JUrG5brw8GkMLEvRSs2BEv7xFAySRaGwNj+oziZ
VzL7sBzp1bCr5cwNZVYxoo3VAv6FUcExp1TydxzPVB8/VvxOa4zrht+hFTn6mjUi
NHBc7DYECgh4jlDR6TnAdvpg0FsujTXiN6A0obOUl9jGz2uFmdY+2ojlVtzqKXoP
+PDz8o2zMrRoQYkni9VyIc536E4OFIhfO6CrThMjJjPNn22Tq+fzRYkWTrlJom9b
nOldQ1BdUXQt2QNigdzqjhZTIgF5OEOTERh80dvwIbZ+7vN00BOsuncR5GUBQerU
F6+SksVRAaOg2lyoDdxUQ+Z28RU8R/n7VjMV8ctFkQvHHLBqKkpET8LRh0C/jSNh
gB8zLPc3Oa4wTf2xZWO58S18esbYMr74vRYrsACbmwxH5Tz+L6Br70Fmcz608+IQ
ESKW3657gemZgFud3AGokzKG5AuWykSinydiZbK8MRGLsdfPUojaVIgXFqnWKtkH
At9gkD8YbqGYzuVwBnljBNRdTUMk0ClgV6pjuQINBFom2R0BEAC9k1Ky6AIe9sPP
xrgsrXRe0dyYcoHufzeU3jFssl3+S4cRuvYCzdZfRfdjfHa4n+CxTaOd7xkefwJg
GpaR9KJbu8dqHm61GIiS5ZbMCRU8FAW6ohVeDqEwFrPAzZjtO41OTpeXCrPu5H5A
Tg/kDnabzlD2H8JWAqr0DYRRhFtJUihXUey9zK03wSjUi5E1+YHUC/fOpbS+msNN
945CeQNBN4Ljap9Q183Fkh0Wm4Q8C0OS1WN8a0XtqSALRCGAZ+EV6UrmQVP9PCC4
/J0hoKQPv2bfpBAsrUGAO3Fnsw7804i2TY7O3JA8gGDYX6fwOVJMUXdD7FX7LM2P
pESqAdPrjqmPqHT8cPfq27GYgqHv3N4hP9Rjt9wxmHYFbJT0YCHw2ZMiAO/VcvvN
miGr590ZFiQEb1MJN1r+h5UDE1CtF6nTieirSXi9oMilHlo2NY5nAItv/T9PKk4X
+kaH3UoicMxrkT34tACGwxi4VIRYWL+ZquxE+bwXqAvbGJ0p3XbyREURCaO96J/2
w951EvZErpFRQu4zzClmoMiNbwkQ8QdesSaqjMirlHyFI8T9BZrXbPazdVNUwfyR
LFil1q/kgXjXeJDoje73UiyGhqhlVOlEbunGzCwEBzrtQdPTDeFQr476/4pe0v4u
gdNYkL/gY8Izodn47d1XH68AuRSrzwARAQABiQI2BBgBCgAgFiEE6FPBhIsBhc9C
hk3zY6itS5gsQ3MFAlom2R0CGyAACgkQY6itS5gsQ3PQSA/8CZGTxQDbD2oLkGb6
tyECIs5A1RsfwJ9aj0R/HuEO39ki8yM88fwi8F5AfzNcmYwp0rxyYDDYM0itObSv
A9WBB8YFZ2PKT1YHrwTzWbne+spmQYDRdFt+0Kx0JLvgv7SYvQ1jNdCazixH1SAM
9O+Tn5oFybVHjRavWsQYHp1CvXY5kOHOEDHhz37pGwFvyVyFdSYS5PWT0+0XU/g6
Uq2HeFCurhUGuDXJ6WA6Ipvmu0vbi8GpyeiWCRoG76sqbBfQ7dd0oDMUHitewWGq
LP1Kioke9hu5p9CbkjYwGZjJWZEV6WHxOmICfFcBRPeIJyO8Kfa/vVBfQZj9fhqs
3sHSfAGIdKIB3tX0qKhMRdu/QoM14YQ1yK80JTUUOcrKLDt6QJinF1UQ/OcYQqGB
CXaRk1OKGFuuij16QudnX56+aYbNPltf7cLs1O7aodQcRxmMSgxSE/2ckthPYBsX
PWuDMYZCb3e6JMWsdnCI7iPpoPFAJmId7SWJebXZxntoX6YwZ7Tx58/QMLEqxMfE
ExQTAFg8/owvxCG12KaharLr4GpLx0aU39QEJenG1LqGLwiQh9Vxsejw+MkebZJE
6zhs7XBpenrd5c9OFOtb/Goxwal/6UXz7a62jZ7wDNpJw9xOfC3/eX/56+6dLVef
RFj/LOIu9reM4boTiY2dmGj1QC25Ag0EWibSSgEQAMhQB2Q329FSozPk7V6dYBO+
jDBMr1jHWvNMCR/2DkwXfDAKK3haSWSqr51/wua9skFRezQvc9PhgvOIJi1jsxRf
xNoM82a2OpYJdj16FG5RVQ/ApojiywNvp1YPJbmq4DfXSuUA6q+OephsFLrx2cPY
nyDQaI6mrqTBecET4cdQTZK0nKKUPj3U2bI96zTBIYK8Kr7GMKXm8R1eV8bktwHT
HyDjI7hN5EjZViYqZYDQ3jt2vC1Aj6XpFw5K7Sv6f0l91zyjfcu6Llsfo8xtRhAl
lub8EBuO6ljJ5uWqDgjqTOkDXcIAUkhUCg8ztweR15zgJQQ/On0XDcHLtyi7zuQd
xNaKYKkD3oROTqce+YbNN3qnP4bV0qa0JLlTOrE/0/zmif7Q1zYOidcmMgGeF6Gp
pGQkkxY4gSKet8kD8h4AZXGlpFu4e9sue1ENDRmgWaqSzIWudMRZ3z0/s9EGNNiW
60nwJ1NBoySeQEmnwMzAHXneRM9pRGQ1S3/CKttq/0eWEH3Y/Td9xi4DNvTXcvgJ
uUUwoclWP2PCPg3zE+EQ1q/Kt2oYrT8NcemM9EO8btNzJ/Y1wSDLFAFNikHwYjTM
86jWoeGhSM3fD9HJjfqoB41gDKvNIVlhQavhe6df4+AoCo/mGosLYAPFaHHdkmqn
eT0Y0BnTRIS9yLcO8CBVABEBAAGJBGwEGAEIACAWIQToU8GEiwGFz0KGTfNjqK1L
mCxDcwUCWibSSgIbAgJACRBjqK1LmCxDc8F0IAQZAQgAHRYhBNalthyaVTQWgpLb
Z74iCR4+9iJ1BQJaJtJKAAoJEL4iCR4+9iJ1D2AP/1VMC8KOmzPYyiFY+1xHu2rv
siB0f80GH1jXwDSM/IKvsH1axCD0hMV5sSi52epCov37czSlR3MpQjo0xK32wJB9
26AgbzJYZO48qulDUXUhPWJ9bxiyIcxI/3KEspY1RMoWv8AfYA/qSma1cSdT4IMo
SGJzPh3RyrUpeFP5QT02oGa5TuSQPiJwy/b9u+RVOi1SSqzHMJdKzZehGays65Pd
jC8Xtf4ipdYRBr6mIyUISOB+FBkY2MttFzNDUBdDrOepyjStQLZ1vUXnYKIiSRHX
o3XTW/W8fh72o26zeDbQcALywQMZqnwtrZluzKHZxF07whKmXvw9pUHXX6hbJDvm
GVMxnB/F6grPNi/V+Bv75sKOdImgnJBUp1Jz7288SPbNQwrqFKV2ZD3f0PFmolFj
Cz/Oc+UUk+swfnsT3pV6LClTThsOH8WlKJYxZLneX75HuVx4CmT+qv6GlFQuixjc
H0LtsbbSjAx7J2LRNVtfI+2DfMcIi8KJxe69MAKGqqxDyDPSWeFrs0MHmyD6/6m+
GTovgUT5jOZbR6GVKelW054bmby0zQevWnRieANVeFoFsnwclJnqKIRzQiGod1p1
b8HhSCw4nOeOQSifaOf3zcnFhYyByDMOtl3/AqGoLp/61u3Bk9h+BP4VPR3RUWzc
ggjmxJM0MrLzjaSXSedjzuQQAIq9g35FGpnaB8d/EjufED1TVSOkvNK/qJ+dD4Xz
f5RvnbprofMnzfEyy8jJ1Vqc3QZQU3IDQt/Un2ZywX0OboKGAIn/gyfwdkpnxJ0j
JoxRBuMplNpfNBw+oe0nFuozO9idFozKM+SWoE051/jvGHp1FqEPLnAAGeSbWB0L
RlAsnMjc5u6+SKHeFGRKYg7U0sO7ZKbVIT4ZmRnsQLDakHwbAgfcIakh9Whj0Ou5
r78Cs+DcM3XAdtZ04d81jV5TsveR8/Cn473c6dvPIfnA2P4uClTCaCDv+jXG2f9a
FIuJhYCO+TdYs7qjAsXWngJUebRFiHbfSuYDw92/eqLdKD1Hoff4MnW5YOtDpp6E
sdCDuINeRtUtnidw2vIPezX+xdmycXIq9Fb+GvKrIDsKu0VO8HObVviLa/RE11ds
EHYlrarj4mqzS2MhvmU79Bazg9rDDB4WVs502n3uJaf6Sod/+ke1c3ff7AUPox2n
pjH/bVmkZJsOq5EqcvlH3m2FZUHSFWS/yTR1rPuJoHBMHVc4OPlTuSqT3qmKL2vb
vD1l3D4zHZs1paRLddYXiaex4qPU/0YpP61XU070MmFGYE8Z43TbMPHu/6LYBpw9
p5Vj3VZwn2edNl4LGx+05hIABzM23I7JoQ44uPoTbohmYXF/DUGJ6h2LYdp81AVC
lSFWuQINBE97JQcBEACpbBqvDl8J65jEhPjOWczcDVB+WfG7GBHB7T6RxSNFIahy
mDqzx73zZD6n4NnZogPDPopYdRJ56u5AfF0bDZlgebl8+VEgPHGoay74Gf6k0B+c
pEkp5PaWQHHEqXINotVg29hTsf1u0sb+yjgcc+9WHw3MtpChsgk8Rc5N8Xvr1FJc
L+xynSvUCcLIwfgvLHYPPBYGIRpvz4ek/zgHvaGftDfnyMwrMbgi8kadrSb7PQgc
eWeTL7CQN1B88TPJFqKt/QxMdXaPy+Cr3P4XVy5V3/QEVFUizrtCCqJgxHMAeCP5
QxwYEWmA2zxUzGA/t/QUDFbccKt2BdpdKBFtHLliE+yn9FHw98JayjhAJxxeCkrp
MED9N2aGHI1q44sbmeLKQ8EuIbCamfq7fqLXgkEy8jgivv2J9YfXejjjEobGLkss
Jlxaq9JeQgFEVl6f0jJ0PgkYPd11RxTcVLy4RB417cxc9LHcoKdAtcgBTcZXPPYO
L+eM9S7rTvFTna9IdF4bbnJFNjHDMhb/9XomxxBsekpTUXEm2DGoTpO2W/jwWcZY
LVrdhikkkF8b88EdWk94fUTcFA90I+Ch0YbS8XGM/WIklrMGa0JpA4OQW5oMhKDn
gqAcV7gxRYt6ylBPVh94/AIMz++wmfqBxETFP8HMgTVEApLBLjwru9B/4lRStwAR
AQABiQIfBBgBAgAJBQJPeyUHAhsMAAoJEGOorUuYLENzegsQAL6NuhGuzQf2GELc
O5J8/BW2yF9sxHWDLrw0Pntq8D35kgGfZLB52tN3DI4NwL0vE931bXC7ovi4kHPS
sazv+WPUckYfJ7qskWVD1yDtHsADduwudJpAflfZ4VIvMJqJ7FUw5Fy9ennw/Idp
H7LC+ubn6XT6Kh9oKvVmp+BQEOsdisjVw848Thik+gS08WvAjK9m+g7++FFwKy08
5iXuuqZpvi94eU1QPvzxzzRZz6M4gQaz+pCq/5yf6I+Hu8G+5nq2foFN+G7FRkx7
KJmJ3SAEsG3M23V9MKWON49ZbhTe5xW+1at/TKKoNGzNIYs07jApR2/E4J57yMWj
zsAqg77hTDRiV0jhHl0DJw3RHFi3z+SrK+6ie6mrq8WEPj62q9qdM8dFs+y5X3UT
x0nxly7GjOxxhi+Nt83PAG2wVFpqmhVLuyPnruvxzyrVFc8Dvx46DiKCzt4PPK/Y
+jnVIQ7Jr2Jm2ZCpzZZT5QNJuDp46mKHlNBkvSy3q3+pM6cM8vKSuCFd9+dw3dX/
GptLebMrPOvLVDl4Bm9hSmG7rLpJy8U8Ns8pYSS1zaxHM8KqMaPuS/Zlx1SRIj/E
afefnHd5fIlmsH9C2O5fb18SFjmD14FCLcVTG7bwh3ZfbGo9sOJSShPxppPW2OoT
jwfANmj1cSg/VFr1d4HAEc83jFgumQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa
/Fvc4T49tqxcc/sY4uVlGo6oSi4fQcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6L
yYFmX2U9VRTcyITdmJs8itkEaDwq8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1Gx
uV44Ihlh6v2YyqSzDG/rZur771hke8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYq
OeQhxGIxDOHo7QhzTG+SlX+uQq6mzACKygVJJl33toaUwVAX5R02a0u67A5wC0wh
AoLSHInc3P7ayivWV/iESAz+gMIkuvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQSc
qA8F0x4OChCixbZGZn6Mr0u8+01VCEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20L
GHSbjJLcnqLLFx3LDpI5dAxo5K2kFvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpU
maPnMTiD5yvnFzEihM5L9DuaWqSK3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMt
aKWf0HkAsCP0BLJcS9Oc1/0I0+gC4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+
gi34CxWMl2Q34OSqtS37mzzBu+UZxffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoy
eG4J2ox9JRANZXLh/i7mNwARAQABtCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNo
QHJlZGhhdC5jb20+iQJXBBMBCABBFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZ
jyYCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUX
nPGeAA//ScQ3kJMqI6FRULXo0aF7CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXR
BSjstWkmOXP/UqkN7bNeXH/S3D3GCJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kW
vuBuLvUdm23cntv49gAzj+ElDqCxtT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK
9Dt8tHriQyI410qFRMbi3QxU+iTJ79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4
knt9E6zhegUWN6zErl2HY8FBM2P9eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1R
UUl1V9WFEaMiLg/Z2rmbD8LX9YtfYlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsq
I/2XS3BTLPyjuqAYnXxrk+T/Cydcg4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46V
SDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCk
Dczs1rxd/o8Wfjo1vwRHW84jZrCP3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwl
V103RpRUK4JidwHsmYDVk6pgeUH69hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7
hBj2l+pV/uzeA0akL2dkgfJc9pAf6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPJgEQ
AMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0P1/I7SfcJU9D3wX8c4vm
xkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9XQEuU9OtJsZn1ZJ+Ynh6i
5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64G2u8Xtxr5yqlQJEUThV6
280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3QhlWhHVjJlJ5hCLiktwF
DyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJMoADqBThf4B69BxjJ7Yg
7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO17w1qScrOPRj6G1IXP1R
5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvCJvPctDE6EV2vaiRy5N1f
QjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQlDdeHRRd1q03TKAg/byP
auAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XTxMOjB34SzqPRWzmLPLF6
YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd7w+/qUYbfKwO9eJOWzuU
WajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQpABEBAAGJAjwEGAEIACYW
IQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJA8JnAAAKCRC8OQXyNRec
8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB56Cu7ElIpr74sk0R98Ia
1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKThz33waTru9IfLhCrRSNd0
ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzYeikqVUYzS143cSzMEwtv
PSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3q5OlpYxxw+X62vslZ2OM
iKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKhC/BcWpEYSjfPpVua2oKb
ccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDyBGOAxBeiOaOnZ8vLBzy7
2HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62FG3I4zK985GtrXAHEzN/F
fd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutYzVE8lF+uqcduPuq/rTcU
BuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1xpPueDBTzvoGDQRqc2eoX
pJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr6RFgWdD008PsGxUevIDg
MAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBiTakEP7kCDQRjWY9xARAA
rEkjlUH4hoSQAkVJCWWk+nF+daAP5IszrGEQH7TyOVwXbRZndSPFSUqKU2kEgHbM
m+wFYoZe95h9tjDh2sLCs338pVu5Chhz3dNseTF7/rbckw2rCU+JbalEiwck7tKL
qobvbh77jnrbQnkrZNc+nMeHHLrYyc5gHW6cSn4UlU42MKmTlSeOG4Ly9wXhgaKC
heIXNX3U/D682Tffl7Gopcm7pPZF92dwY4nIpCxU2ATimkSyulbhzk2CjZ1JYUJ1
LHctMHm9F0LEGtc1GxDShzVZP8dOWpDs9BBwZDLXxCzC4rvZ+z5BJCDFbuNTKZQ5
JEoW2sM8yP1LLZGXz44hsab1aPrvB3vcdS5ETP6bqT5267ZiotdhUifU/pTV5ze4
7wNuaZenQtGd9olyh2dAqOk2DQrcBQFA0gRp55b4U62hLTYXxT+7jEbSVAxeXDPR
qPvqh/4kVn86llYjV6dAoASN1wWz423QH3u4ZK+S6g8HZ0HrY2+NBYgqthb6H/X6
FiF5VcHWstkk967g4Xt0PgN/rlCtpXh4WK9sScX/CFdOURsHlb78ZN2LexaYaVBq
QuqvfHaAPJaIElXqMheZ8aYrO6Df4yzJ+6eTs3s4PqM6EMir5waFonx5Gh50X4xL
9p7IVqgNPhQsU8Z5U5hGYbmUH766GtENv4CI1upFA1cAEQEAAYkCPAQYAQgAJhYh
BLhoKEd2TfYN9S2ZLLw5BfI1F5zxBQJjWY9xAhsgBQkDwmcAAAoJELw5BfI1F5zx
4cMP+wbjKu2xCr63oyn+lo7NqMDLBYl4zHunYTZhG/egDakVWp5Ikj5/k3i+hVSY
fUyUhqQ/b/H096ropB7GA6EzS44GS+hLMdQOJOmEbjvAP/9dJDX2FQnYZzaA2f/e
Ikgaw283oOLnmYz0x7YAW/oxlnPn+7Sg7DGGqqn3nKofDUUrowfX0tQGwkGmJJqQ
gOH/ZfU4t51UCKzF6hWRbberBI8ezp24vYngA2kGef1fCUC+EIFhoYcdHHCtC1Ti
KmOUaeB9ZMiVXkP60fmCLKObwcKTyYpAFPqM05xgsMPFaXN+fQ7YVAGpCdthk53N
5Go+QqehwLoJk77CHZxIWJIf43p3UiuH1FsuXF7OdExzIhUSiUum6MoCI8BpVwn9
uSKfXKLOdGDR6IJI8jqdC9LYoXqxZtDhpcqD70hFWJwJzZg+U2SvxZyhOqwtKXtD
TDtee3yGzPacSAJD7mFURc/DRi62UBMiFcqO1YW/5LgC4yjtzo7MTQPkaGbQLduH
IlCKa8pHWPqaLFdMawwqNrTNHWXCD4XxijJYwdAue3NUG/utekNm82mqnbbWw/AX
URIzefQsbyqiNYMztudJ9hAS8yCdkfb9SKVIvWYPQ77tHltOZF7K/NzOGeJaJr8l
vqZCfXpWmOduTpWaD2kIvU2Kx7gB4jXdMa2ai9N+/Hdr3lLouQINBGNZj8YBEADg
Y6HOawiThxQVI+0uvAAU9yisew1SSVO6mAsQtZM7s7BpLA3RGPj3UGojZIeejA+k
fq7A+PVLBhz/kSBTtw9/s3o4rlqNzz7SLaix6XKWCpHOBs84n3/LF6u9KMMVk9vT
sjKz8iDF9mBR2bmCfLvEk0HDiMyApv5SbOsZMB8k5PWyK8HYPyMI5umEaOsaC3tA
eihO3nzAxEf3oZl53J1pIw+ecdrQLbWbH0aqKngfCddD8Q0oMr/Iwly3W49+5eqJ
oelR9/dut/dg0a3Nn1wIGYRzC62CCsF5IZwKdyPh7nilEUFpA5Vlz+HfIFch2LfR
F3Q/GZD8fKzKxhjDIdgyaWSTsMbityKxX2G/pcjshyMsZT7I3Hx7SwQfFro58s2D
FsFLEZgBhJv+nW/HckeedaveXmXdHKjtsa8+rvGADti4wohOl+N5tbpYW3/zR3AY
qlh47hG0ikUJ8Tusnu865j3Z5mE+KqS68ypRVBMRrdJl2lGPDCnXGhl2720VPNMC
/jB2Mgm/L1mvQM1jPfdC3KgokDAH5NMzKvav6A71aLSUJli3UdkGHkX5d5urs3k3
WmCt7XeTb30MBvNzBcSYTbw2UGIRE8G0CFc3wtiWWiQKPeFXYhn0+COCoW/EXpIC
VaAuMPMgcsldM13bKGyGo3NngsNEdopNFfr0KKW5XwARAQABiQRyBBgBCAAmFiEE
uGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj8YCGwIFCQPCZwACQAkQvDkF8jUXnPHB
dCAEGQEIAB0WIQQb4sD/CJSWIxAv0lZGlYgcJUUI0QUCY1mPxgAKCRBGlYgcJUUI
0ZkHD/9TlRvAaZETf+pv4/IceeL3KHwj5lrC/gojXxN0AjhAXljLSRCu0EyICxZy
3158h4k0vwjdv8699yHEN97PdF84m81mqxOz+juKBRHFK/EwAAgOdSlzGnUYgNkm
mCROFWtjeneNWaFdEnq9MItx1OascPeyxnWMjq7LLYMSESP4tgUV5KdlaVAXR6q/
833u27/NodkDcNH2UK+IyT+Kt/uCOoIIL4ttxo/PvZTphzV8n6s0sJJE3/BrRxgv
CTkVU6zosyJsyau8/vayQYGPuBuEQVs4Tr+vZ42izbkHgElcZv9oYjJsxaqZqqMz
fWPte7m6Pl/pvtmlhPmpZ+ej7y8SRysBV+3aHNXaE1J3sIOmYxighlgZapSjHl/A
9N/KXdoLAjIZtBAOQ2ZFyRz/c2+VUqJgwiwdxoaFaYn2eUM+HSTbZfdGXBS/yyZL
YsM+L4M2aizQvDIRXzy8vG0vpHQEvPlXL0Gg0gyk0fox0OsAP5CfXmHC/AvYOHM8
y81X2QqDf33Au1RIgog4cLqq2wpXEARWbAj0BAMIeJoCDCu9Mz2juK1ui2wr8AZ0
42PCUgZK6CdUI18AsvApUhPsNunF7ZOc5mFMuaEGjjWJvrTG3qyrCY73ySBiGXWo
92ZB7FXu2MzgujPBEigByqeF6IV2x0EBHw/VrcxXq6Slgmik6G0SD/48l5mGCxM0
Wr91raB9zQlwDbtD3PCbjA6DtkMrRyAq+81g75N6uiztGPCVw9n1HoGOSjN1hAhe
SgQQlcXbDLpzfdPFowDEHclFFfUODCIOuF+FgmxlAz5Exr9JkJdozBFqRZ4iF/tf
E5sHB0rzeUcY3J6VjTsjULjE4GSg5trsOc8GHUnFn9wwwkf9nR/Mr1RYcX0GkTcy
iUskw+AoRz6svOfAWIDJY450wgD0MHZK08IfUUsYTGecoXcvWf/hITtv/Af5MpQA
wuGEDltVDeu9EAu65SZlMkkMuQD1h3KOQjUJ6nY4a4M2CQ51ggs/c+vsemxsuYlG
vSuhrfXt6HGD3dhsOEeyEvIcjjpP1Ku5mqrPhqXFli1swfohhYGGVO+fM7G3l7wF
kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg==
=I8Dr
-----END PGP PUBLIC KEY BLOCK-----

16
SOURCES/libsepol-3.7.tar.gz.asc
Unescape View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
CNGuSQ//cFEkvjL9a7cTSPE7HI66nyYK7Kd0qj9IZfZ0356U8tC17FwBgHs4PGd5
o2k7fMBgF9cK8Eycj5JHeu5XmyfVnn+opWn+T6K8UeostDSLxSgqaUqQ5HxK6e0E
fR5NOR/SgNs6NDZPTAp61nXPVpUng0+N73FLDAyU9Yygy3Y3bF89elLzL0M2l9lB
CrKv79F5WSGDG8h5YBmXloCBFiT2pzSe3D1Yse8eq34AeJAoVArz1KgQgU+dBVjW
cldkFvzvCnOkuEoFW5M4dRpc8MEXChRVEM0RmGnzamxIpnK99qN/dlgDe3sTCYi7
Sl42IOQuFsbVVo3Tk9Nx61oQuoPqWGe+V61ZlOTryawKm84svJ6aP74E7x0bT3KD
V1964Yw+SbPqLYXTVHG2lpBvB2O79XjQQ00AZXys7d5b2CAallNXwTeK0HrcUT5T
CzsBCEX4i/PLxJte6MNTIbCC4lMiyvf6AOUpus949m1WEQCtFDv/3fyHfM91uA5g
TsGzkupwqXGepDSFZyU5lyhsCup2VC/5qh9x4zhAs4SoUb/JLTpobwiW4TwBy4mp
xijH5y7g50u3y1k9rNcW0wNDMot+ROOdTwCRqyAzpC8rzfmaVhD7qcu4zry2CeI1
AbGP1KH319s1Ae7wygj+/xGAiYHKR4NwL/SgdenNV4xsw/sn2gg=
=YJy0
-----END PGP SIGNATURE-----

211
SPECS/libsepol.spec
Unescape View File

@ -1,33 +1,20 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autochangelog
## END: Set by rpmautospec
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsepol Name: libsepol
Version: 3.7 Version: 3.5
Release: 4%{?dist} Release: 1%{?dist}
License: LGPL-2.1-or-later License: LGPLv2+
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsepol-3.7.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libsepol-3.5.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsepol-3.7.tar.gz.asc
Source2: https://github.com/bachradsusi.gpg
URL: https://github.com/SELinuxProject/selinux/wiki URL: https://github.com/SELinuxProject/selinux/wiki
# $ git clone https://github.com/fedora-selinux/selinux.git # $ git clone https://github.com/fedora-selinux/selinux.git
# $ cd selinux # $ cd selinux
# $ git format-patch -N libsepol-3.7 -- libsepol # $ git format-patch -N libsepol-3.5 -- libsepol
# $ i=1; for j in 0*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # $ i=1; for j in 0*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start # Patch list start
Patch0001: 0001-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch Patch0001: 0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch
Patch0002: 0002-libsepol-cil-Check-that-sym_index-is-within-bounds.patch
Patch0003: 0003-libsepol-cil-Initialize-avtab_datum-on-declaration.patch
Patch0004: 0004-libsepol-mls-Do-not-destroy-context-on-memory-error.patch
Patch0005: 0005-libsepol-cil-cil_post-Initialize-tmp-on-declaration.patch
Patch0006: 0006-libsepol-Initialize-strs-on-declaration.patch
# Patch list end # Patch list end
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: flex BuildRequires: flex
BuildRequires: gnupg2
Obsoletes: %{name}-compat = 3.1-4 Obsoletes: %{name}-compat = 3.1-4
%description %description
@ -70,7 +57,6 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
The libsepol-utils package contains the utilities The libsepol-utils package contains the utilities
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p 2 -n libsepol-%{version} %autosetup -p 2 -n libsepol-%{version}
# sparc64 is an -fPIC arch, so we need to fix it here # sparc64 is an -fPIC arch, so we need to fix it here
@ -121,83 +107,24 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
%{_mandir}/man8/chkcon.8.gz %{_mandir}/man8/chkcon.8.gz
%changelog %changelog
## START: Generated by rpmautospec * Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
* Tue Nov 12 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-4
- cil: Check that sym_index is within bounds (RHEL-34823)
- cil: Initialize avtab_datum on declaration (RHEL-34810)
- mls: Do not destroy context on memory error (RHEL-34810)
- cil/cil_post: Initialize tmp on declaration (RHEL-34810)
- Initialize "strs" on declaration (RHEL-34810)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.7-3
- Bump release for October 2024 mass rebuild (RHEL-64018)
* Fri Aug 09 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-2
- sepol_compute_sid: Do not destroy uninitialized context (RHEL-34808)
* Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
- SELinux userspace 3.7 release
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.6-4
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Dec 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
- SELinux userspace 3.6 release
* Thu Nov 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc2.1
- SELinux userspace 3.6-rc2 release
* Fri Nov 10 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1
- SELinux userspace 3.6-rc1 release
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Feb 24 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1
- SELinux userspace 3.5 release - SELinux userspace 3.5 release
* Mon Feb 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1 * Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1
- SELinux userspace 3.5-rc3 release - SELinux userspace 3.5-rc3 release
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-0.rc2.1.1 * Mon Jan 2 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1
- SELinux userspace 3.5-rc2 release
* Fri Dec 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1
- SELinux userspace 3.5-rc1 release - SELinux userspace 3.5-rc1 release
* Mon Nov 21 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.4-4 * Fri Oct 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3
- Rebase on upstream f56a72ac9e86 - Fix validation of user declarations in modules (#2136212)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed May 25 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2 * Wed Oct 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2
- rebuilt - Restore error on context rule conflicts (#2127399)
* Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1 * Mon May 23 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1.1
- SELinux userspace 3.4 release - SELinux userspace 3.4 release
* Tue May 10 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc3.1
- SELinux userspace 3.4-rc3 release
* Thu Apr 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc2.1
- SELinux userspace 3.4-rc2 release
* Tue Apr 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-0.rc1.1
- SELinux userspace 3.4-rc1 release
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Nov 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2 * Thu Nov 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
- Use correct libdir in libsepol.pc (#2018492) - Use correct libdir in libsepol.pc (#2018492)
@ -210,11 +137,15 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1 * Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
- SELinux userspace 3.3-rc2 release - SELinux userspace 3.3-rc2 release
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3 * Wed Jul 28 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
- Rebase on upstream commit 32611aea6543 - Rebase on upstream commit 32611aea6543
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-2 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1 * Mon Mar 8 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
- SELinux userspace 3.2 release - SELinux userspace 3.2 release
@ -422,7 +353,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1 * Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
- Update to upstream - Update to upstream
* Improve error message for name-based transition conflicts. * Improve error message for name-based transition conflicts.
* Revert libsepol: filename_trans: use some better sorting to compare and merge. * Revert libsepol: filename_trans: use some better sorting to compare and merge.
* Report source file and line information for neverallow failures. * Report source file and line information for neverallow failures.
@ -430,7 +361,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
* Add sepol_validate_transition_reason_buffer function from Richard Haines. * Add sepol_validate_transition_reason_buffer function from Richard Haines.
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1 * Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
- Update to upstream - Update to upstream
- Richard Haines patch V1 Allow constraint denials to be determined. - Richard Haines patch V1 Allow constraint denials to be determined.
- Add separate role declarations as required by modern checkpolicy. - Add separate role declarations as required by modern checkpolicy.
@ -438,12 +369,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1 * Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
- Update to upstream - Update to upstream
- filename_trans: use some better sorting to compare and merge - filename_trans: use some better sorting to compare and merge
- coverity fixes - coverity fixes
- implement default type policy syntax - implement default type policy syntax
- Fix memory leak issues found by Klocwork - Fix memory leak issues found by Klocwork
- Add CONTRAINT_NAMES to the kernel - Add CONTRAINT_NAMES to the kernel
* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-8 * Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.8-8
- Update to latest patches from eparis/Upstream - Update to latest patches from eparis/Upstream
@ -467,7 +398,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
- Revert patch that was attempting to expand filetrans attributes, but is breaking filetrans rules - Revert patch that was attempting to expand filetrans attributes, but is breaking filetrans rules
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1 * Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
- Update to upstream - Update to upstream
* fix neverallow checking on attributes * fix neverallow checking on attributes
* Move context_copy() after switch block in ocontext_copy_*(). * Move context_copy() after switch block in ocontext_copy_*().
* check for missing initial SID labeling statement. * check for missing initial SID labeling statement.
@ -484,7 +415,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1 * Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1
- Update to upstream - Update to upstream
* reserve policycapability for redhat testing of ptrace child * reserve policycapability for redhat testing of ptrace child
* cosmetic changes to make the source easier to read * cosmetic changes to make the source easier to read
* prepend instead of append to filename_trans list * prepend instead of append to filename_trans list
@ -498,7 +429,7 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
- Add support for ptrace_child - Add support for ptrace_child
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1 * Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
- Update to upstream - Update to upstream
* checkpolicy: implement new default labeling behaviors * checkpolicy: implement new default labeling behaviors
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.4-6 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.4-6
@ -514,11 +445,11 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
- Add Eparis patch for handling of default transition labeling - Add Eparis patch for handling of default transition labeling
* Mon Dec 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2 * Mon Dec 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
- Allow policy to specify the source of target for generating the default user,role - Allow policy to specify the source of target for generating the default user,role
- or mls label for a new target. - or mls label for a new target.
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1 * Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
- Update to upstream - Update to upstream
* regenerate .pc on VERSION change * regenerate .pc on VERSION change
* Move ebitmap_* functions from mcstrans to libsepol * Move ebitmap_* functions from mcstrans to libsepol
* expand: do filename_trans type comparison on mapped representation * expand: do filename_trans type comparison on mapped representation
@ -550,23 +481,23 @@ dup!
- Add patch to handle preserving tunables - Add patch to handle preserving tunables
* Thu Sep 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-2 * Thu Sep 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-2
- export expand_module_avrules - export expand_module_avrules
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-0 * Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-0
- Update to upstream - Update to upstream
* Only call role_fix_callback for base.p_roles during expansion. * Only call role_fix_callback for base.p_roles during expansion.
* use mapped role number instead of module role number * use mapped role number instead of module role number
* Mon Aug 1 2011 Dan Walsh <dwalsh@redhat.com> 2.1.1-1 * Mon Aug 1 2011 Dan Walsh <dwalsh@redhat.com> 2.1.1-1
- Update to upstream - Update to upstream
* Minor fix to reading policy with filename transition rules * Minor fix to reading policy with filename transition rules
* Wed Jul 27 2011 Dan Walsh <dwalsh@redhat.com> 2.1.0-1 * Wed Jul 27 2011 Dan Walsh <dwalsh@redhat.com> 2.1.0-1
- Update to upstream - Update to upstream
* Release, minor version bump * Release, minor version bump
* Tue May 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.45-1 * Tue May 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.45-1
- Update to upstream - Update to upstream
* Warn if filename_trans rules are dropped by Steve Lawrence. * Warn if filename_trans rules are dropped by Steve Lawrence.
* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.44-2 * Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.44-2
@ -579,7 +510,7 @@ dup!
* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-3 * Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-3
- re-add Erics patch for filename transitions - re-add Erics patch for filename transitions
* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1 * Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
-Update to upstream -Update to upstream
* Add new class field in role_transition by Harry Ciao. * Add new class field in role_transition by Harry Ciao.
@ -726,7 +657,7 @@ Resolves: #555835
* Reject self aliasing at link time from Stephen Smalley. * Reject self aliasing at link time from Stephen Smalley.
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
* Fixed bug in require checking from Stephen Smalley. * Fixed bug in require checking from Stephen Smalley.
* Added user hierarchy checking from Todd Miller. * Added user hierarchy checking from Todd Miller.
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.11-1 * Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.11-1
* Pass CFLAGS to CC even on link command, per Dennis Gilmore. * Pass CFLAGS to CC even on link command, per Dennis Gilmore.
@ -767,7 +698,7 @@ Resolves: #555835
* Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-1 * Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged fix from Karl to remap booleans at expand time to * Merged fix from Karl to remap booleans at expand time to
avoid holes in the symbol table. avoid holes in the symbol table.
* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-1 * Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-1
@ -775,7 +706,7 @@ Resolves: #555835
* Merged libsepol segfault fix from Stephen Smalley for when * Merged libsepol segfault fix from Stephen Smalley for when
sensitivities are required but not present in the base. sensitivities are required but not present in the base.
* Merged patch to add errcodes.h to libsepol by Karl MacMillan. * Merged patch to add errcodes.h to libsepol by Karl MacMillan.
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1 * Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Updated version for stable branch. * Updated version for stable branch.
@ -822,7 +753,7 @@ Resolves: #555835
- Fix location of include directory to devel package - Fix location of include directory to devel package
* Fri Aug 25 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-2 * Fri Aug 25 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-2
- Remove invalid Requires - Remove invalid Requires
* Thu Aug 24 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-1 * Thu Aug 24 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
@ -939,7 +870,7 @@ Resolves: #555835
* Merged bug fix patch from Ivan Gyurdiev. * Merged bug fix patch from Ivan Gyurdiev.
* Added a defined flag to level_datum_t for use by checkpolicy. * Added a defined flag to level_datum_t for use by checkpolicy.
* Merged nodecon support patch from Ivan Gyurdiev. * Merged nodecon support patch from Ivan Gyurdiev.
* Merged cleanups patch from Ivan Gyurdiev. * Merged cleanups patch from Ivan Gyurdiev.
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.14-2 * Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.14-2
- Fix post install not to fire if /dev/initctr does not exist - Fix post install not to fire if /dev/initctr does not exist
@ -963,13 +894,13 @@ Resolves: #555835
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged assertion copying bugfix from Joshua Brindle. * Merged assertion copying bugfix from Joshua Brindle.
* Merged sepol_av_to_string patch from Joshua Brindle. * Merged sepol_av_to_string patch from Joshua Brindle.
* Merged clone record on set_con patch from Ivan Gyurdiev. * Merged clone record on set_con patch from Ivan Gyurdiev.
* Mon Jan 30 2006 Dan Walsh <dwalsh@redhat.com> 1.11.10-1 * Mon Jan 30 2006 Dan Walsh <dwalsh@redhat.com> 1.11.10-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged cond_expr mapping and package section count bug fixes * Merged cond_expr mapping and package section count bug fixes
from Joshua Brindle. from Joshua Brindle.
* Merged improve port/fcontext API patch from Ivan Gyurdiev. * Merged improve port/fcontext API patch from Ivan Gyurdiev.
* Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev. * Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.9-1 * Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.9-1
@ -1025,7 +956,7 @@ Resolves: #555835
* Mon Dec 5 2005 Dan Walsh <dwalsh@redhat.com> 1.9.42-1 * Mon Dec 5 2005 Dan Walsh <dwalsh@redhat.com> 1.9.42-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Dropped handle from user_del_role interface. * Dropped handle from user_del_role interface.
* Mon Nov 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.41-1 * Mon Nov 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.41-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
@ -1044,7 +975,7 @@ Resolves: #555835
degenerate case where there are no booleans or booleans.local degenerate case where there are no booleans or booleans.local
files. files.
* Cleaned up sepol_genusers to not warn on missing local.users. * Cleaned up sepol_genusers to not warn on missing local.users.
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.9.38-1 * Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.9.38-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Removed sepol_port_* from libsepol.map, as the port interfaces * Removed sepol_port_* from libsepol.map, as the port interfaces
@ -1067,16 +998,16 @@ Resolves: #555835
* Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.9.34-1 * Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.9.34-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged record interface, record bugfix, and set_roles patches * Merged record interface, record bugfix, and set_roles patches
from Ivan Gyurdiev. from Ivan Gyurdiev.
* Fri Oct 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.33-1 * Fri Oct 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.33-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged count specification change from Ivan Gyurdiev. * Merged count specification change from Ivan Gyurdiev.
* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.9.32-1 * Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.9.32-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Added further checking and error reporting to * Added further checking and error reporting to
sepol_module_package_read and _info. sepol_module_package_read and _info.
* Merged sepol handle passing, DEBUG conversion, and memory leak * Merged sepol handle passing, DEBUG conversion, and memory leak
fix patches from Ivan Gyurdiev. fix patches from Ivan Gyurdiev.
@ -1097,8 +1028,8 @@ Resolves: #555835
* Mon Oct 24 2005 Dan Walsh <dwalsh@redhat.com> 1.9.26-1 * Mon Oct 24 2005 Dan Walsh <dwalsh@redhat.com> 1.9.26-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged context interface cleanup, record conversion code, * Merged context interface cleanup, record conversion code,
key passing, and bug fix patches from Ivan Gyurdiev. key passing, and bug fix patches from Ivan Gyurdiev.
* Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.9.25-1 * Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.9.25-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
@ -1114,7 +1045,7 @@ Resolves: #555835
and hierarchy checking on expansion. and hierarchy checking on expansion.
* Reworked check_assertions() and hierarchy_check_constraints() * Reworked check_assertions() and hierarchy_check_constraints()
to take handles and use callback-based error reporting. to take handles and use callback-based error reporting.
* Changed expand_module() to call check_assertions() and * Changed expand_module() to call check_assertions() and
hierarchy_check_constraints() prior to returning the expanded hierarchy_check_constraints() prior to returning the expanded
policy. policy.
@ -1127,9 +1058,9 @@ Resolves: #555835
* Added handle argument to policydb_from_image/to_image. * Added handle argument to policydb_from_image/to_image.
* Added sepol_module_package_set_file_contexts interface. * Added sepol_module_package_set_file_contexts interface.
* Dropped sepol_module_package_create_file interface. * Dropped sepol_module_package_create_file interface.
* Reworked policydb_read/write, policydb_from_image/to_image, * Reworked policydb_read/write, policydb_from_image/to_image,
and sepol_module_package_read/write to use callback-based error and sepol_module_package_read/write to use callback-based error
reporting system rather than DEBUG. reporting system rather than DEBUG.
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.19-1 * Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.19-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
@ -1169,9 +1100,9 @@ Resolves: #555835
Caller must do so first. Caller must do so first.
2) policydb_init no longer takes policy_type argument. 2) policydb_init no longer takes policy_type argument.
Caller must set policy_type separately. Caller must set policy_type separately.
3) expand_module automatically enables the global branch. 3) expand_module automatically enables the global branch.
Caller no longer needs to do so. Caller no longer needs to do so.
4) policydb_write uses the policy_type and policyvers from the 4) policydb_write uses the policy_type and policyvers from the
policydb itself, and sepol_set_policyvers() has been removed. policydb itself, and sepol_set_policyvers() has been removed.
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.9.12-1 * Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.9.12-1
@ -1182,7 +1113,7 @@ Resolves: #555835
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged bug fix for check_assertions handling of no assertions * Merged bug fix for check_assertions handling of no assertions
from Joshua Brindle (Tresys). from Joshua Brindle (Tresys).
* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.9.10-1 * Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.9.10-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged iterate patch from Ivan Gyurdiev. * Merged iterate patch from Ivan Gyurdiev.
@ -1218,7 +1149,7 @@ Resolves: #555835
* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-2 * Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-2
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged stddef.h patch and debug conversion patch from * Merged stddef.h patch and debug conversion patch from
Ivan Gyurdiev. Ivan Gyurdiev.
* Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-1 * Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-1
@ -1242,14 +1173,14 @@ Resolves: #555835
* Tue Aug 23 2005 Dan Walsh <dwalsh@redhat.com> 1.7.20-1 * Tue Aug 23 2005 Dan Walsh <dwalsh@redhat.com> 1.7.20-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged more fixes for resource leaks on error paths * Merged more fixes for resource leaks on error paths
from Serge Hallyn (IBM). Bugs found by Coverity. from Serge Hallyn (IBM). Bugs found by Coverity.
* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.7.19-1 * Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.7.19-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Changed to treat all type conflicts as fatal errors. * Changed to treat all type conflicts as fatal errors.
* Merged several error handling fixes from * Merged several error handling fixes from
Serge Hallyn (IBM). Bugs found by Coverity. Serge Hallyn (IBM). Bugs found by Coverity.
* Mon Aug 15 2005 Dan Walsh <dwalsh@redhat.com> 1.7.17-1 * Mon Aug 15 2005 Dan Walsh <dwalsh@redhat.com> 1.7.17-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
@ -1259,7 +1190,7 @@ Resolves: #555835
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Fixed empty list test in cond_write_av_list. Bug found by * Fixed empty list test in cond_write_av_list. Bug found by
Coverity, reported by Serge Hallyn (IBM). Coverity, reported by Serge Hallyn (IBM).
* Merged patch to policydb_write to check errors * Merged patch to policydb_write to check errors
when writing the type->attribute reverse map from when writing the type->attribute reverse map from
Serge Hallyn (IBM). Bug found by Coverity. Serge Hallyn (IBM). Bug found by Coverity.
* Fixed policydb_destroy to properly handle NULL type_attr_map * Fixed policydb_destroy to properly handle NULL type_attr_map
@ -1269,7 +1200,7 @@ Resolves: #555835
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Fixed empty list test in cond_write_av_list. Bug found by * Fixed empty list test in cond_write_av_list. Bug found by
Coverity, reported by Serge Hallyn (IBM). Coverity, reported by Serge Hallyn (IBM).
* Merged patch to policydb_write to check errors * Merged patch to policydb_write to check errors
when writing the type->attribute reverse map from when writing the type->attribute reverse map from
Serge Hallyn (IBM). Bug found by Coverity. Serge Hallyn (IBM). Bug found by Coverity.
* Fixed policydb_destroy to properly handle NULL type_attr_map * Fixed policydb_destroy to properly handle NULL type_attr_map
@ -1278,15 +1209,15 @@ Resolves: #555835
* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.13-1 * Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.13-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Improved memory use by SELinux by both reducing the avtab * Improved memory use by SELinux by both reducing the avtab
node size and reducing the number of avtab nodes (by not node size and reducing the number of avtab nodes (by not
expanding attributes in TE rules when possible). Added expanding attributes in TE rules when possible). Added
expand_avtab and expand_cond_av_list functions for use by expand_avtab and expand_cond_av_list functions for use by
assertion checker, hierarchy checker, compatibility code, assertion checker, hierarchy checker, compatibility code,
and dispol. Added new inline ebitmap operators and converted and dispol. Added new inline ebitmap operators and converted
existing users of ebitmaps to the new operators for greater existing users of ebitmaps to the new operators for greater
efficiency. efficiency.
Note: The binary policy format version has been incremented to Note: The binary policy format version has been incremented to
version 20 as a result of these changes. version 20 as a result of these changes.
* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.12-1 * Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.12-1
@ -1310,11 +1241,11 @@ Resolves: #555835
* Merged mls_context_to_sid bugfix from Ivan Gyurdiev. * Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
* Wed Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-2 * Wed Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-2
- Fix MLS Free - Fix MLS Free
* Mon Jul 25 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-1 * Mon Jul 25 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Merged context reorganization, memory leak fixes, * Merged context reorganization, memory leak fixes,
port and interface loading, replacements for genusers and port and interface loading, replacements for genusers and
genbools, debug traceback, and bugfix patches from Ivan Gyurdiev. genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
* Merged uninitialized variable bugfix from Dan Walsh. * Merged uninitialized variable bugfix from Dan Walsh.
@ -1336,7 +1267,7 @@ Resolves: #555835
* Merged genbools debugging message cleanup from Red Hat. * Merged genbools debugging message cleanup from Red Hat.
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-2 * Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-2
- Remove genpolbools and genpoluser - Remove genpolbools and genpoluser
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-1 * Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
@ -1361,7 +1292,7 @@ Resolves: #555835
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.5.8-1 * Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.5.8-1
- Upgrade to latest from NSA - Upgrade to latest from NSA
* Added sepol_ prefix to Flask types to avoid * Added sepol_ prefix to Flask types to avoid
namespace collision with libselinux. namespace collision with libselinux.
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.5.7-1 * Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.5.7-1
@ -1456,6 +1387,6 @@ Resolves: #555835
* Tue Aug 10 2004 Dan Walsh <dwalsh@redhat.com> 0.3.1-1 * Tue Aug 10 2004 Dan Walsh <dwalsh@redhat.com> 0.3.1-1
- Initial version - Initial version
- Created by Stephen Smalley <sds@epoch.ncsc.mil> - Created by Stephen Smalley <sds@epoch.ncsc.mil>
## END: Generated by rpmautospec

Write Preview
Loading…
Cancel
Save